See how Corelight’s combination of Zeek and Suricata puts defenders on top with alerts integrated into evidence. The suricata_corelight.log integrates elements from the Suricata EVE log and the Corelight conn.log to help you distinguish false positives from true positives.
