Corelight-update

The primary purpose of the Corelight-update utility is to automate and simplify the workflow of collecting data from disparate sources of dynamic content for Corelight Sensors by integrating into your existing CI/CD process.

These data sources include Suricata rulesets, YARA rules, threat intelligence, vulnerability data, endpoint host data, and other Input Framework data for Zeek packages. The data can come from pre-formatted local sources, pre-formatted remote sources, or specific third-part integrations.

There’s no need for additional tools if you integrate Corelight-update with your CI/CD or change control process to manage Suricata rulesets, Intel files, Input files or Zeek package bundles.

Corelight-update natively supports the concept of hierarchical processing, with a single global configuration and multiple policy configurations.

The output of each policy is merged into a single Intel file, a single Suricata ruleset, a single package bundle, a single YARA rules file, and multiple Input files ready to be consumed by a Corelight Sensor.

A secondary function of Corelight-update is to push content to Corelight Sensors. It supports all types of sensors, both Fleet-managed and stand-alone.

• QuickStart - new install
  • System requirements
  • Installation overview
• QuickStart - upgrade
  • System requirements
  • Upgrade overview
• Global configuration
  • Logging
  • Services settings
  • Network communication settings
  • General settings
  • Complete global config
• Policy configuration
  • Policy sources
  • Policy inventory settings
  • Suricata configuration
  • Intel management
  • Input management
  • YARA management
  • Third-party integrations settings
• References
  • Internal References
  • Zeek package references
  • Third-party configuration guides
• Removing corelight-update
  • Removing Corelight-update packages
• Corelight-update Release Notes
  • v2.0.5 (April 2026)
  • v2.0.4 (April 2026)
  • v2.0.3 (March 2026)
  • v2.0.2 (December 2025)
  • v2.0.1 (October 2025)
  • v2.0.0 (September 2025)
  • v1.16.2 (July 2025)
  • v1.16.1 (June 2025)
  • v1.16.0 (June 2025)
  • v1.15.1 (May 2025)
  • v1.15.0 (April 2025)
  • v1.14.1 (March 2025)
  • v1.14.0 (March 2025)
  • v1.13.1 (January 2025)
  • v1.13.0 (November 2024)
  • v1.12.0 (September 2024)
  • v1.11.0 (August 2024)
  • v1.10.1 (April 2024)
  • v1.10.0 (April 2024)
  • v1.9.4 (March 2024)
  • v1.9.2 (January 2024)
  • v1.9.0 (January 2024)
  • v1.8.1 (September 2023)
  • v1.8.0 (September 2023)
  • v1.7.3 (August 2023)
  • v1.7.2 (August 2023)
  • v1.7.1 (August 2023)
  • v1.7.0 (July 2023)
  • v1.6.3 (July 2023)
  • v1.6.2 (June 2023)
  • v1.6.1 (May 2023)
  • v1.6.0 (March 2023)
  • v1.5.0 (February 2023)
  • v1.4.1 (February 2023)
  • v1.4.0 (January 2023)
  • v1.3.0 (November 2022)
  • v1.2.1 (November 2022)
  • v1.2.0 (October 2022)
  • v1.1.0 (October 2022)
  • v1.0.1 (October 2022)