Aqua News Aqua Security Unveils Traceeshark: Open Source Tool Combining Tracee’s Dynamic Analysis of Linux Malware with Wireshark

Unifying Tracee and Wireshark's capabilities provides SOC and incident response teams with unparalleled security monitoring and threat investigation

BOSTON—August 7, 2024—Aqua Security, the pioneer in cloud native security, today unveiled Traceeshark, an innovative plugin for Wireshark that enables security practitioners to quickly investigate security incidents. Traceeshark enhances the capabilities of Aqua Tracee, an open source runtime security and forensics tool for Linux, and empowers users to analyze kernel-level events and behavioral detections alongside network traffic, offering a seamless and interactive analysis experience.

Aqua Tracee is renowned for its robust runtime security and forensics capabilities, leveraging eBPF technology to trace systems and applications at runtime and detect suspicious behaviors. However, analyzing the vast amount of data generated by Tracee has traditionally been a manual and labor-intensive process. Traceeshark revolutionizes this process by integrating with Wireshark, the world’s leading network protocol analyzer, and leveraging its advanced investigation and filtering capabilities.

With Traceeshark, users can now visually and interactively analyze system activity alongside network traffic events, providing unprecedented insight into both system and network activity. Traceeshark simplifies complex security investigations by merging Tracee’s system event data with network packet analysis, with full process and container context attached to each event.

“Traceeshark opens up a whole new world of capabilities for dynamic analysis of Linux malware, forensics, kernel hacking and more,” said Idan Revivo, VP Cyber Security Research of Aqua Security. “We are excited to provide security practitioners and developers with this new tool as part of our ongoing commitment to open source innovation and community collaboration. By providing powerful and accessible tools like Traceeshark, we can continue to drive the security industry forward.”

Key features of Traceeshark include:

  • Unified Analysis: View and filter Tracee events side by side with network packets.
  • Enhanced Context: Analyze system events alongside network packets with rich contextual information about system processes and containers, enabling deeper correlations and insights.
  • Live Capture: Perform live captures of Tracee events, streaming them directly into Wireshark, whether locally or remotely over SSH.
  • Customizable Filters: Utilize Wireshark’s advanced filtering capabilities to focus on events of interest, with quick filter buttons for common analysis tasks.

Traceeshark is the latest addition to Aqua’s flourishing open source community. Aqua has built one of the largest open source cloud native security communities in the world, with tens of thousands of users and over 40,000 combined GitHub stars. It also includes the widely revered Trivy®, an open source vulnerability and risk scanner, which has a thriving community of users and contributors.

For more information about Traceeshark and to get started, visit GitHub and Aquasec.com.

About Aqua Security

Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua’s full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises. For more information, visit https://www.aquasec.com.