Sysdig has donated Stratoshark, an open source tool for cloud forensics, to the Wireshark Foundation. The donation covers Stratoshark’s source code, including the code that enables Wireshark to work with the Falco libraries, along with the associated trademarks, logos, and website domains.

Stratoshark extends Wireshark’s network visibility to the cloud by leveraging the Falco security platform ecosystem. It brings Wireshark’s network packet analysis together with Falco’s runtime security.

The advantage of Stratoshark is the ability to analyze system calls and cloud logs with the same precision as network packets in Wireshark. This allows security experts to investigate incidents quickly and efficiently. While Falco detects threats in real time, Stratoshark provides a complementary, detailed analysis of what happened.

Continuation of open source collaboration

The Wireshark Foundation was established in 2023 as the steward of Wireshark and related open source projects. The foundation provides long-term management, sustainability, and education for a community of more than 5 million daily users. By integrating Stratoshark into its portfolio, the foundation is extending its network-focused offering to modern, cloud-native environments.

Since its official launch in January 2025, Stratoshark has expanded its cloud analytics capabilities. It now provides deep insight into the who, what, when, and where of cloud activity, making it an indispensable addition to the Falco platform that helps companies detect and respond to suspicious behavior in Linux containers and applications.
