Corelight

Corelight is a network detection and response (NDR) platform that transforms raw network traffic into structured security evidence using open-source Zeek. ReversingLabs integrates with Corelight to provide automated file analysis as part of a unified network security workflow.

Overview

File-based threats must cross the network before they can execute. The Corelight and ReversingLabs integration addresses this by combining Corelight's high-throughput file extraction capabilities with ReversingLabs' file analysis platform.

In this integration, Corelight Sensors monitor network traffic, extract files in transit, and forward them to ReversingLabs for analysis. ReversingLabs then provides malware classification, threat indicators, and file reputation data that security teams can act on directly in their SIEM or SOAR environment.

How it works

The integration follows a three-stage flow:

  1. File extraction — Corelight Sensors capture packets from physical, virtual, or cloud environments and extract files crossing the network. Each file generates a files.log entry containing metadata such as file name, MIME type, size, and hash values.
  2. File analysis — Extracted files are forwarded to ReversingLabs, where they are analyzed using static analysis and file reputation services. ReversingLabs supports over 4,000 file formats and generates threat indicators and classification results for each sample.
  3. Analyst response — Analysis results are returned as logs and insights that security analysts can use directly in their SIEM. Because Corelight logs are interlinked via a unique connection ID, analysts can pivot from ReversingLabs findings back to network-level context to trace file origins and movement.
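
The pivot described in step 3, as an added example (not Corelight's or ReversingLabs' code): it joins analysis verdicts to files.log by SHA-256, then to conn.log by connection UID. The log records are constructed, field names follow Zeek's JSON logs, and the verdict layout and classification values are assumptions because this page does not give the result format.

```python
import json

# Constructed sample records (not real traffic). Field names follow Zeek's JSON
# files.log and conn.log; hash values are placeholders.
FILES_LOG = """\
{"fuid":"F1","conn_uids":["C1"],"mime_type":"application/x-dosexec","filename":"setup.exe","sha256":"hash-A"}
{"fuid":"F2","conn_uids":["C2"],"mime_type":"application/pdf","filename":"report.pdf","sha256":"hash-B"}
{"fuid":"F3","conn_uids":["C3","C4"],"mime_type":"application/x-dosexec","sha256":"hash-A"}
"""
CONN_LOG = """\
{"uid":"C1","id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.7","id.resp_p":80,"service":"http"}
{"uid":"C2","id.orig_h":"10.0.0.9","id.resp_h":"198.51.100.2","id.resp_p":443,"service":"ssl"}
{"uid":"C3","id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.22","id.resp_p":445,"service":"smb"}
"""
# Hypothetical verdict layout and values: the page does not specify them.
VERDICTS = [{"sha256": "hash-A", "classification": "malicious"},
            {"sha256": "hash-B", "classification": "goodware"}]


def load_ndjson(text):
    """Parse newline-delimited JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def pivot(verdicts, files, conns, wanted="malicious"):
    """Return one row per (flagged file, connection) with network context."""
    flagged = {v["sha256"] for v in verdicts if v["classification"] == wanted}
    conn_by_uid = {c["uid"]: c for c in conns}
    rows = []
    for f in files:
        if f.get("sha256") not in flagged:
            continue
        for uid in f.get("conn_uids", []):
            # conn.log is written when a connection ends, so a file can be
            # flagged before its connection record exists; keep the row anyway.
            c = conn_by_uid.get(uid)
            rows.append({
                "fuid": f["fuid"],
                "uid": uid,
                "filename": f.get("filename", "-"),  # field is optional
                "orig_h": c["id.orig_h"] if c else None,
                "resp_h": c["id.resp_h"] if c else None,
                "service": c.get("service") if c else None,
            })
    return rows


if __name__ == "__main__":
    for row in pivot(VERDICTS, load_ndjson(FILES_LOG), load_ndjson(CONN_LOG)):
        print(row)
```

The same hash appearing under two connections (C1 over HTTP, C3 over SMB) is the kind of file movement the connection ID lets an analyst trace.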

Corelight and ReversingLabs integration diagram

Requirements

To use this integration, you need:

  • An active Corelight deployment (physical, virtual, or cloud sensor)
  • A ReversingLabs product subscription that supports file analysis (contact your ReversingLabs account representative for details)

Further information

This integration is maintained by Corelight. For configuration instructions, deployment guidance, and support, refer to the Corelight documentation, or contact Corelight directly.

For questions about your ReversingLabs subscription or API access, contact ReversingLabs support.