Sysdig Falco and Stratoshark strengthen open source cloud security

Sysdig introduces new Falco features that integrate seamlessly with Stratoshark. These updates enable automatic capture of system data for forensic investigation in the event of specific threats.

Falco, which graduated from the CNCF in February 2024, can now store system capture (SCAP) files as soon as certain security rules are triggered. These files can be used directly in Stratoshark, known as the “Wireshark for the cloud.” The integration enables moving from real-time detection to in-depth post-event analysis.

The platform has now reached more than 175 million downloads. Users have access to comprehensive tools for investigating cloud threats.

Improved plug-ins for contextual insight

Sysdig has also optimized the Falco plugins k8saudit and gcpaudit. These plugins help Stratoshark uncover crucial context in source events. As a result, teams can convert raw security data into actionable information.

The combination leads to a process that combines rapid detection and forensic investigation. “Falco has cemented itself as the gold standard for runtime cloud threat detection, and Stratoshark is quickly becoming the industry’s tool of choice for deep cloud system analysis,” said Loris Degioanni, founder and CTO of Sysdig. These developments bring the open source community closer to a platform-like experience for complete detection and response in the cloud.

What users can expect

The enhanced integration between Falco and Stratoshark means users can detect attacks in real time and search captured data with precision. “With Falco now producing Stratoshark-consumable SCAP files and enriched cloud log metadata, we’re bridging the open source gap between real-time threat detection and granular forensics,” said Gerald Combs, Director of Open Source Projects at Sysdig.

The new capabilities offer three concrete benefits. First, teams gain uniform workflows. They detect threats in real time with Falco, capture in-depth incident details from the moment Falco flags suspicious behavior, and investigate with precision in Stratoshark. Second, the developments are driven by the community. Open source security is strengthened by collaborative progress, transparency, and collective insight. Teams can easily zoom in and out on system activity. This power and extensibility, previously reserved for commercial cloud platforms, is now open source and available for free.

Tip: Sysdig donates Stratoshark to Wireshark Foundation for cloud security

Cybersecurity needs more women

Cybersecurity has become an indispensable part of every organization. As threats become more complex and digi...

Berry Zwets November 6, 2025

Top story

Expert Talks

Tech calendar

Stay tuned, subscribe!

Celonis frees business processes through real-time MRI scans

Cybersecurity needs more women

HPE builds private cloud and massive temporary network for Ryder Cup

SAP launches RPT-1: the end of machine learning?

AFX is NetApp's data platform of the future with integrated AI data prep

SAP Business Network: $6.5 trillion B2B collaboration platform

Nutanix CTO explains their VMware alternative and multi-cloud strategy

Managing the AI chaos with ServiceNow's AI Control Tower

AI Integrity: The Invisible Threat Organizations Can’t Ignore

Three Ways Secure Modern Networks Unlock the True Power of AI

How to Safeguard and Prepare Exchange Server against Natural Disasters?

Discover Why Northern Europe Chooses Redgate Monitor

Dell Technologies Forum

BrickCon The Databricks Community Conference

Appdevcon

Webdevcon

Dutch PHP Conference

Experience Synology’s latest enterprise backup solution

How to choose the right Enterprise Linux platform?

Enhance your data protection strategy for 2025

Strengthen your cybersecurity with DNS best practices