Case Study: Top Research University gains richer network visibility and custom detection with Corelight

A Corelight Case Study

Preview of the Top Research University Case Study

Top university builds custom detection scripts using Corelight’s Zeek logs

Top Research University needed better network visibility than its existing NetFlow and server/firewall logs could provide, especially to support custom detection scripting across multiple campuses with traffic averaging more than 35 Gbps. The university selected Corelight’s AP 1000 Sensors and Zeek network analysis framework after finding open-source Zeek implementations too operationally demanding for its staff.

Corelight delivered rich Zeek logs with easy export to Elasticsearch and Splunk, giving the security team fast, searchable data that could be enriched and used for custom detections. As a result, Top Research University gained stronger visibility into active sessions, long-lived connections, suspicious SSH activity, port scanning, DHCP anomalies, and other behaviors, while benefiting from 2–3x better performance than open-source alternatives and simpler ongoing management.

