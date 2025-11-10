Sysdig introduces new Falco features that integrate seamlessly with Stratoshark. These updates enable automatic capture of system data for forensic investigation in the event of specific threats.

Falco, which graduated from the CNCF in February 2024, can now write a system capture (.scap) file as soon as specific security rules fire. These files open directly in Stratoshark, known as the “Wireshark for the cloud.” The integration lets teams move from real-time detection to in-depth post-event analysis without a separate capture step.

Falco has now passed 175 million downloads, and its users gain a more complete toolset for investigating cloud threats.

Improved plug-ins for contextual insight

Sysdig has also improved the Falco k8saudit and gcpaudit plugins. The Kubernetes audit and Google Cloud audit events they emit now carry the metadata Stratoshark needs to show the context around each event. As a result, teams can turn raw security data into actionable information.

Together, the two tools form a single workflow from rapid detection to forensic investigation. “Falco has cemented itself as the gold standard for runtime cloud threat detection, and Stratoshark is quickly becoming the industry’s tool of choice for deep cloud system analysis,” said Loris Degioanni, founder and CTO of Sysdig. These developments bring the open source community closer to a platform-like experience for complete detection and response in the cloud.

What users can expect

The enhanced integration between Falco and Stratoshark means users can detect attacks in real time and search captured data with precision. “With Falco now producing Stratoshark-consumable SCAP files and enriched cloud log metadata, we’re bridging the open source gap between real-time threat detection and granular forensics,” said Gerald Combs, Director of Open Source Projects at Sysdig.

The new capabilities offer three concrete benefits. First, teams gain a uniform workflow: detect threats in real time with Falco, capture in-depth incident details from the moment Falco flags suspicious behavior, and investigate with precision in Stratoshark. Second, the developments are community driven; open source security is strengthened by collaborative progress, transparency, and collective insight. Third, teams can zoom in and out on system activity at will, and this power and extensibility, previously reserved for commercial cloud platforms, is now open source and available for free.
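To make the detect-then-capture step of that workflow concrete, here is an added example of the glue logic that Falco's new capture feature automates. It is not Sysdig's, Falco's or Stratoshark's own code. It assumes Falco is run with -o json_output=true (one JSON alert per line with the usual rule, priority, source and output_fields keys), that a capture is taken by an external `sysdig -w <file> -M <seconds> [filter]` run which the script only plans and never executes, and that the capture directory path is hypothetical. The three alert lines are constructed samples in Falco's JSON shape, not real output.

```python
"""Plan an on-demand system capture from Falco JSON alerts.

Added example for this article; it is not Sysdig's, Falco's or Stratoshark's
own code. Assumptions: Falco runs with -o json_output=true (one JSON alert per
line), and the capture is taken by an external `sysdig -w <file> -M <seconds>
[filter]` run that this script only plans, never executes. The output
directory is hypothetical.
"""
import json
import re

# Falco priority names, most severe first.
PRIORITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# Constructed sample alerts in Falco's JSON shape (not real output).
SAMPLE_ALERTS = """\
{"hostname":"node-1","output":"Notice A shell was spawned in a container","priority":"Notice","rule":"Terminal shell in container","source":"syscall","tags":["container","shell"],"time":"2025-11-10T09:15:01.123456789Z","output_fields":{"container.id":"3f0c1e2d4b5a","proc.name":"bash","user.name":"root"}}
{"hostname":"node-1","output":"Error File below /etc opened for writing","priority":"Error","rule":"Write below etc","source":"syscall","tags":["filesystem"],"time":"2025-11-10T09:15:02.000000000Z","output_fields":{"container.id":"3f0c1e2d4b5a","fd.name":"/etc/cron.d/job","proc.name":"sh"}}
{"hostname":"node-2","output":"Warning Anonymous request to secrets","priority":"Warning","rule":"Anonymous Request Allowed","source":"k8s_audit","tags":["k8s"],"time":"2025-11-10T09:16:00.000000000Z","output_fields":{"ka.user.name":"system:anonymous","ka.verb":"get"}}
"""


def severity(priority: str) -> int:
    """Rank of a Falco priority; 0 is most severe, unknown names rank last."""
    return PRIORITIES.index(priority) if priority in PRIORITIES else len(PRIORITIES)


def should_capture(alert: dict, min_priority: str = "Warning") -> bool:
    """Capture only syscall-sourced alerts at or above min_priority.

    Plugin sources (k8s_audit, gcp_audit) describe cloud API calls, not host
    activity, so there are no syscalls on this node worth recording for them.
    """
    return (alert.get("source") == "syscall"
            and severity(alert.get("priority", "")) <= severity(min_priority))


def capture_command(alert: dict, outdir: str = "/var/lib/falco/captures",
                    seconds: int = 60) -> list:
    """Build the argv for a time-boxed capture scoped to the alerting container.

    File name: <UTC timestamp>_<rule slug>_<container id or host>.scap so the
    file can be matched back to the alert when it is opened in Stratoshark.
    """
    fields = alert.get("output_fields", {})
    stamp = alert["time"][:19].replace("-", "").replace(":", "")
    slug = re.sub(r"[^a-z0-9]+", "-", alert["rule"].lower()).strip("-")
    cid = fields.get("container.id")
    path = f"{outdir}/{stamp}_{slug}_{cid or 'host'}.scap"
    argv = ["sysdig", "-w", path, "-M", str(seconds)]
    if cid:
        # Restrict the capture to the container that raised the alert.
        argv.append(f"container.id={cid}")
    return argv


def plan_captures(alert_lines: str, min_priority: str = "Warning") -> list:
    """Turn a batch of Falco JSON alert lines into capture commands.

    One capture per container (or per host) per batch: a burst of alerts from
    the same container should not start several overlapping captures.
    """
    seen = set()
    commands = []
    for line in alert_lines.splitlines():
        if not line.strip():
            continue
        alert = json.loads(line)
        if not should_capture(alert, min_priority):
            continue
        key = (alert.get("hostname"),
               alert.get("output_fields", {}).get("container.id"))
        if key in seen:
            continue
        seen.add(key)
        commands.append(capture_command(alert))
    return commands


if __name__ == "__main__":
    for argv in plan_captures(SAMPLE_ALERTS):
        print(" ".join(argv))
```

With the default Warning threshold only the "Write below etc" alert produces a capture command; the Notice-level shell alert is below the threshold and the k8s_audit alert has no host syscalls to record. Lowering the threshold to Notice still yields one command for that container, because the first qualifying alert wins and later ones from the same container are suppressed while a capture would already be running.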

