
Corelight Unveils GenAI Accelerator Pack for NDR


August 4, 2025

Corelight, a provider of network detection and response (NDR) solutions, has announced a private preview of its GenAI Accelerator Pack, a set of components intended to speed up security operations center (SOC) workflows. Unveiled on July 31, 2025, the pack combines a Model Context Protocol (MCP) Server, Analyst Assistant Promptbooks, and Investigation Promptbooks, using large language models (LLMs) to accelerate alert triage and investigation. Corelight will demonstrate it at the Black Hat Network Operations Center (NOC) in Las Vegas from August 2-7, 2025, where the company is the sole NDR provider.

Quick Intel

  • Corelight launches the GenAI Accelerator Pack (private preview) for SOC efficiency.

  • Includes an MCP Server, Analyst Assistant Promptbooks, and Investigation Promptbooks.

  • Exposes Corelight data to LLM workflows across multiple SIEM platforms.

  • Showcased at Black Hat 2025, where Corelight monitors the NOC network for malicious activity.

  • Aims to accelerate triage and investigation of alert types beyond Corelight's own, including EDR and ITDR alerts.

  • Builds on Corelight's OpenNDR strategy for an agentic SOC.

Advancing SOC Workflows with GenAI

The GenAI Accelerator Pack integrates with Corelight's OpenNDR platform, pairing its AI/ML detections with forensic-grade network evidence to streamline SOC operations. "This is a natural extension of Corelight's longstanding efforts to leverage AI for robust analytics and workflow acceleration," said Greg Bell, Corelight chief strategy officer. The pack is not limited to Corelight's own alerts: it supports other alert types, including endpoint detection and response (EDR) and identity threat detection and response (ITDR) alerts, using network evidence to enrich and triage them.

MCP Server for Seamless Integration

The MCP Server provides a programmatic interface through which an LLM-driven assistant can retrieve Corelight log, alert, and detection data that has been forwarded to SIEM platforms such as Splunk, Elastic, and LogScale. An analyst asks in natural language, and the server handles the underlying SIEM queries, so the analyst does not need to hand-write them to get an answer. Corelight positions this as an interoperability layer that fits into existing SOC tooling and supports an agentic SOC ecosystem. As with any tool surface placed between a model and a data store, the practical security questions when deploying such a server are what data it is allowed to return, what actions (if any) it can take, and how its inputs are validated.
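To make the last point concrete, here is a minimal MCP-style tool surface over Zeek conn records. This is an added example for this article, not Corelight's MCP Server and not a complete Model Context Protocol implementation; it borrows only the JSON-RPC 2.0 method names `tools/list` and `tools/call` and the text-content result shape that MCP uses. The log lines, the `search_conn` tool, its argument names and the `call_uids` helper are all constructed for the example. The design choice it shows is that the model may only fill in allow-listed, type-checked parameters, never a raw query string, and that a call can pull back only a capped number of rows.

```python
"""Added example: a tiny JSON-RPC 2.0 tool surface (MCP-style "tools/list"
and "tools/call") over constructed Zeek conn.log records.  Not Corelight's
code; tool name, argument names and log rows are assumptions for illustration."""
import json

# Constructed Zeek-style conn.log excerpt: a #fields header, then TSV rows.
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\torig_bytes\tresp_bytes\tconn_state\n"
    "1722384000.1\tCabc1\t10.0.0.5\t51234\t203.0.113.7\t443\ttcp\tssl\t1200\t54000\tSF\n"
    "1722384001.2\tCabc2\t10.0.0.5\t51235\t203.0.113.7\t443\ttcp\tssl\t800\t2300\tSF\n"
    "1722384002.3\tCabc3\t10.0.0.9\t40001\t198.51.100.20\t4444\ttcp\t-\t95000\t300\tS1\n"
    "1722384003.4\tCabc4\t10.0.0.9\t40002\t198.51.100.20\t53\tudp\tdns\t60\t120\tSF\n"
)
INT_FIELDS = ("id.orig_p", "id.resp_p", "orig_bytes", "resp_bytes")


def parse_conn_log(text):
    """Turn Zeek TSV into dicts; Zeek writes '-' for an unset field."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rec = dict(zip(fields, line.split("\t")))
            for f in INT_FIELDS:
                rec[f] = None if rec[f] == "-" else int(rec[f])
            records.append(rec)
    return records


# The only tool and the only arguments the server accepts.  The model never
# supplies a raw SIEM query string, so text it was fed (an alert body, a
# payload summary) cannot be smuggled into the query that actually runs.
TOOLS = [{
    "name": "search_conn",
    "description": "Filter conn records by responder host/port and minimum bytes sent.",
    "inputSchema": {"type": "object", "properties": {
        "resp_h": {"type": "string"}, "resp_p": {"type": "integer"},
        "min_orig_bytes": {"type": "integer"}, "limit": {"type": "integer"}}},
}]
MAX_LIMIT = 100  # cap on rows one call can pull back into the model's context


def search_conn(records, resp_h=None, resp_p=None, min_orig_bytes=0, limit=20):
    hits = [r for r in records
            if (resp_h is None or r["id.resp_h"] == resp_h)
            and (resp_p is None or r["id.resp_p"] == resp_p)
            and (r["orig_bytes"] or 0) >= min_orig_bytes]
    return hits[:min(limit, MAX_LIMIT)]


def _error(rid, code, message):
    return {"jsonrpc": "2.0", "id": rid, "error": {"code": code, "message": message}}


def handle_request(req, records):
    """Dispatch one JSON-RPC request. Anything off-schema is an error, never a query."""
    rid, method, params = req.get("id"), req.get("method"), req.get("params") or {}
    if method == "tools/list":
        return {"jsonrpc": "2.0", "id": rid, "result": {"tools": TOOLS}}
    if method != "tools/call":
        return _error(rid, -32601, "method not found")
    tool = next((t for t in TOOLS if t["name"] == params.get("name")), None)
    if tool is None:
        return _error(rid, -32602, "unknown tool")
    schema = tool["inputSchema"]["properties"]
    args = params.get("arguments") or {}
    for key, value in args.items():
        if key not in schema:
            return _error(rid, -32602, f"unexpected argument {key!r}")
        want = str if schema[key]["type"] == "string" else int
        if not isinstance(value, want) or isinstance(value, bool):
            return _error(rid, -32602, f"argument {key!r} must be {want.__name__}")
    hits = search_conn(records, **args)
    return {"jsonrpc": "2.0", "id": rid,
            "result": {"content": [{"type": "text", "text": json.dumps(hits)}]}}


def call_uids(records, arguments, rid=1):
    """Convenience wrapper (constructed for this example): run search_conn
    through the JSON-RPC layer and return matching uids, or the JSON-RPC
    error code if the call was rejected."""
    resp = handle_request({"jsonrpc": "2.0", "id": rid, "method": "tools/call",
                           "params": {"name": "search_conn", "arguments": arguments}}, records)
    if "error" in resp:
        return resp["error"]["code"]
    return [h["uid"] for h in json.loads(resp["result"]["content"][0]["text"])]


if __name__ == "__main__":
    recs = parse_conn_log(SAMPLE_CONN_LOG)
    print(call_uids(recs, {"resp_h": "203.0.113.7", "resp_p": 443}))   # the two TLS flows
    print(call_uids(recs, {"min_orig_bytes": 50000}))                  # the large outbound flow
    print(call_uids(recs, {"query": "index=zeek | delete"}))           # rejected: -32602
```

The third call is the case to notice: an argument the schema does not declare is refused with JSON-RPC "invalid params" (-32602) before anything touches the data, and a wrongly typed value such as `"resp_p": "443"` is refused the same way. A real deployment would add authentication on the transport and per-user scoping of which records a call may see; those are outside what this sketch shows.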

Analyst and Investigation Promptbooks

The pack also includes Analyst Assistant Promptbooks, which supply LLM prompts and sample data for routine tasks such as translating alerts into plain language and summarizing payloads. Investigation Promptbooks provide workflow prompts that drive automated investigations of common alert types and record the steps taken, so an analyst can see how a conclusion was reached. Corelight says these bring capabilities from its Investigator SaaS offering to customers who run only its sensors. "We believe the future of cybersecurity is evidence-first and AI-accelerated," added Bell.

Black Hat 2025 Showcase

Corelight will demonstrate the GenAI Accelerator Pack at the Black Hat Network Operations Center from August 2-7, 2025, in Las Vegas. As the sole NDR provider in the NOC, Corelight will monitor the conference's purpose-built network for malicious activity, using the pack against live traffic. This follows Corelight's recognition as a Leader in the 2025 Gartner® Magic Quadrant™ for NDR.

Impact on Cybersecurity

The GenAI Accelerator Pack builds on Corelight's earlier GenAI workflow automation and Guided Triage capabilities. By pairing open-source network monitoring from Zeek with LLM-driven reasoning, Corelight aims to speed up triage while keeping the reasoning steps visible and avoiding lock-in to a single SIEM or model vendor. Corelight claims the approach reduces triage time by up to 50% and raises analyst productivity across skill levels; as with any vendor figure, this should be validated against a team's own alert mix.

With the GenAI Accelerator Pack, Corelight is positioning itself as an early mover in AI-assisted NDR. If the interoperable, evidence-based workflow delivers as described, it would let SOC teams respond to threats faster and more consistently, and it is a concrete example of what vendors now call the agentic SOC.


About Corelight

Corelight transforms network and cloud activity into evidence that security teams use to proactively hunt for threats, accelerate response to incidents, gain complete network visibility and create powerful analytics. Corelight's global customers include Fortune 500 companies, major government agencies, and large universities. Based in San Francisco, Corelight is an open-core security company founded by the creators of Zeek®, the widely-used network security technology.
