Safer Sharknado: Sysdig donates Stratoshark to Wireshark Foundation

Sysdig has donated Stratoshark, the company’s open source cloud forensics tool, to the Wireshark Foundation. 

This contribution is part of Sysdig’s commitment to the community and building in the open.

The company says it hopes to push security forward with advanced tools that understand cloud-native environments better.

Sysdig’s contribution covers Stratoshark’s source code, including the code to interface Wireshark with the Falco libraries, as well as its associated trademarks, logos and website domains.

Stratoshark – developed by Wireshark founder Gerald Combs and Falco creator Loris Degioanni – extends Wireshark’s network visibility to the cloud by using Falco’s ecosystem. It combines Wireshark’s packet analysis with Falco’s robust runtime security for fast troubleshooting, confident incident response and cloud-native flexibility. Stratoshark equips users to analyze system calls and cloud logs with the same precision and granularity that Wireshark has offered for over 25 years.

“At Sysdig, we fundamentally believe that security should be a collaborative, transparent effort for defenders – not an asymmetrical battle,” said Degioanni, Sysdig founder and CTO. “That belief was the foundation for Wireshark and Falco and it’s the guiding principle that led us to create Stratoshark. By donating Stratoshark to the Wireshark Foundation, we’re ensuring that the community can continue to innovate, refine and strengthen security together.”

Wireshark Foundation

The Wireshark Foundation, established in 2023, serves as the custodian for Wireshark and its related open source projects, providing a framework for long-term stewardship and education for a growing community that now numbers over five million daily users. The nonprofit is also home to SharkFest, Wireshark’s developer and user conference, as well as the Wireshark source code and assets.

By integrating Stratoshark into its portfolio, the foundation expands its network-centric offerings to address the quickly evolving needs of modern, cloud-native environments.

Since its formal launch in January 2025, Stratoshark has expanded its cloud system call analysis capabilities to include granular investigation of cloud logs. So while Falco – which is used by more than 60% of the Fortune 500 – can detect and alert on real-time threats, Stratoshark offers a complementary, detailed event analysis, including the “who, what, when and where” of cloud activities.

“From Wireshark to Sysdig, Loris and I have been dedicated to helping people understand what’s happening at the core of their systems,” said Combs, Sysdig director of open source projects. “This donation is not only about making deep cloud workload visibility and forensics universally accessible, but also ensuring that Stratoshark has a solid legal foundation, something inaccessible to most open source projects. This ensures that the tool will live on through strong governance while also exposing it to a greater network of contributors.”

Community views

The community thinks that Stratoshark represents a forward move, bringing the same packet-level insights we’ve had for traditional networks into the cloud-native world.

Sheri Najafi, executive director at the Wireshark Foundation, has said that Stratoshark represents a “significant advancement” in cloud observability. Integrating it into the Wireshark Foundation aligns with the foundation’s goal of fostering open source development and education, ensuring that tools like Stratoshark remain accessible and up to date for the broader community.