The Hacker News published a hands-on piece on 17 February 2026 about using Corelight’s Investigator, an Open NDR Platform tool designed to be user-friendly for junior analysts. The author describes starting with a production version loaded with pre-recorded network traffic and highlights how Investigator’s dashboard flags the latest high-risk detections by IP and frequency, helping the analyst form a hypothesis before drilling into alert details.
The piece notes that Investigator provides context such as MITRE ATT&CK techniques and includes GenAI features that suggest a course of action, explain how to check for external command-and-control activity, and track lateral movement, all within the analyst’s workflow. It emphasises enrichment and integration as key benefits, enabling data from network connections to be correlated with SIEMs, EDRs like CrowdStrike Falcon, and firewall tools, with more than 50 integrations possible.
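The triage step the piece describes (rank detections by source IP and frequency, keep the MITRE ATT&CK technique alongside each, and note which hosts are talking to external addresses as a starting point for a command-and-control check) can be shown in a few lines of Python. This is an added example, not code from the article or from Corelight; the JSON-lines detection format, its field names, the severity scale and the internal address range are all assumptions, and the sample records are constructed.

```python
"""Rank network detections by source IP and frequency to seed a hunt hypothesis.

Added example, not Corelight code. It assumes detections arrive as JSON lines
with the fields used below (a constructed shape, not a vendor schema) and that
each record carries the MITRE ATT&CK technique the detection maps to.
"""
import ipaddress
import json
from collections import defaultdict

# Assumed severity scale; higher ranks first in triage.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Assumed internal address space for this environment.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample detections (not real traffic). Last line is deliberately malformed.
SAMPLE_JSONL = """
{"ts": "2026-02-17T10:01:02Z", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.9", "name": "Beaconing to external host", "severity": "high", "technique": "T1071.001"}
{"ts": "2026-02-17T10:01:40Z", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.9", "name": "Beaconing to external host", "severity": "high", "technique": "T1071.001"}
{"ts": "2026-02-17T10:02:11Z", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.9", "name": "Beaconing to external host", "severity": "high", "technique": "T1071.001"}
{"ts": "2026-02-17T10:05:00Z", "src_ip": "10.0.0.5", "dst_ip": "10.0.0.20", "name": "SMB admin share access", "severity": "medium", "technique": "T1021.002"}
{"ts": "2026-02-17T10:07:30Z", "src_ip": "10.0.0.12", "dst_ip": "10.0.0.1", "name": "DNS query volume spike", "severity": "low", "technique": "T1071.004"}
{"ts": "2026-02-17T10:09:00Z", "src_ip": "10.0.0.33", "dst_ip": "198.51.100.4", "name": "Self-signed cert to rare external", "severity": "medium", "technique": "T1573.002"}
{"ts": "2026-02-17T10:09:15Z", "src_ip": "10.0.0.33", "dst_ip": "198.51.100.4", "name": "Self-signed cert to rare external", "severity": "medium", "technique": "T1573.002"}
{"ts": "bad line"
"""


def is_internal(ip_text):
    """True if the address falls inside the assumed internal ranges."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def parse_detections(text):
    """Parse JSON lines into dicts, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # a bad line should not abort triage of the rest
        if "src_ip" in rec and "severity" in rec:
            records.append(rec)
    return records


def rank_sources(detections, min_severity="medium"):
    """Group detections by source IP at or above min_severity.

    Returns a list of dicts ordered by highest severity seen, then by count,
    each carrying the ATT&CK techniques and external destinations observed.
    """
    threshold = SEVERITY_RANK[min_severity]
    by_ip = defaultdict(lambda: {"count": 0, "max_sev": 0,
                                 "techniques": set(), "external_dsts": set()})
    for d in detections:
        sev = SEVERITY_RANK.get(d["severity"], 0)
        if sev < threshold:
            continue
        entry = by_ip[d["src_ip"]]
        entry["count"] += 1
        entry["max_sev"] = max(entry["max_sev"], sev)
        if d.get("technique"):
            entry["techniques"].add(d["technique"])
        dst = d.get("dst_ip", "")
        if dst and not is_internal(dst):
            entry["external_dsts"].add(dst)
    ordered = sorted(by_ip.items(),
                     key=lambda kv: (kv[1]["max_sev"], kv[1]["count"]),
                     reverse=True)
    return [{"src_ip": ip, "count": e["count"], "max_sev": e["max_sev"],
             "techniques": sorted(e["techniques"]),
             "external_dsts": sorted(e["external_dsts"])}
            for ip, e in ordered]


if __name__ == "__main__":
    for row in rank_sources(parse_detections(SAMPLE_JSONL)):
        print(row)
```

The first row of the output is the host with the most high-severity detections and an external destination, which is exactly the kind of lead the article says the dashboard surfaces before an analyst drills into the alert details.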
The article also mentions privacy considerations, stating that Investigator “only shares data with the model when an analyst is investigating a threat” and can operate with private and public data integrations. According to The Hacker News, the piece closes by noting that the experience served as a practical introduction to threat hypotheses and how networks operate and can be defended today.