Sysdig is taking a significant step toward its vision of a unified, open source cloud security platform with new capabilities announced at KubeCon + CloudNativeCon North America 2025. The updates enhance the integration between Falco, the CNCF-graduated runtime threat detection standard, and Stratoshark, the deep cloud analysis tool. These advancements create a seamless, end-to-end workflow for the global open source community, bridging the critical gap between real-time threat detection and in-depth forensic investigation.
Sysdig has enhanced its open source cloud security tools, Falco and Stratoshark.
Falco can now record system capture (SCAP) files for Stratoshark consumption.
This creates a unified workflow from real-time detection to deep forensic analysis.
Updates to Falco plug-ins provide richer context for cloud log data.
The integration embodies a platform approach to open source security.
The goal is to democratize powerful, integrated security tools for the community.
The core of this advancement is a deeper technical integration between Falco and Stratoshark. Falco, which has surpassed 175 million downloads, can now generate system capture (SCAP) files when its rules are triggered. These files are designed to be immediately consumable by Stratoshark, often described as "Wireshark for the cloud." This allows security teams to move seamlessly from detecting a live threat to conducting a granular, post-event investigation without switching contexts or tools.
Loris Degioanni, founder and CTO of Sysdig and creator of Falco, highlighted the significance, stating, “Falco has cemented itself as the gold standard for runtime cloud threat detection, and Stratoshark is quickly becoming the industry’s tool of choice for deep cloud system analysis. Enhancing the integration between these powerful tools brings the open source community closer to a unified, platform-like experience for complete life-cycle detection and response in the cloud.”
This integration addresses the complexity of modern cloud environments by moving beyond isolated point solutions. Security teams now have access to a cohesive system that spans the entire incident lifecycle, from the initial alert through investigation. The enhanced Falco plug-ins for Kubernetes and cloud audit logs provide Stratoshark with critical context, so raw security events can be turned into actionable intelligence more quickly.
Gerald Combs, Director of Open Source Projects at Sysdig and creator of Wireshark, explained the broader vision, noting, “With Falco now producing Stratoshark-consumable SCAP files and enriched cloud log metadata, we’re bridging the open source gap between real-time threat detection and granular forensics. The future of security is built on open source, and the future of open source is built on a platform approach.” This initiative effectively democratizes capabilities once reserved for commercial platforms, empowering the entire community with powerful, integrated security workflows.
Sysdig delivers cloud security the right way with open innovation, agentic AI, and the uncompromising truth of runtime. In a world of black boxes and blind spots, Sysdig helps security and development teams prevent, detect, and respond to threats in the moment.
AI is only as powerful as the signals it receives, and Sysdig Sage™ – the first agentic AI analyst for cloud security – is fueled by the deepest runtime intelligence in the industry. It doesn’t just observe. It reasons and acts with the context, speed, and precision that modern teams need to build and defend innovation in real time. Founded by the creators of Falco and Wireshark, Sysdig is trusted by more than 60% of the Fortune 500 and is built for those who refuse to compromise on security.