Traceeshark is a new plugin for Wireshark that is designed to help security professionals investigate security incidents more efficiently. This plugin enhances the capabilities of Aqua Tracee, a popular open-source security and forensics tool, by allowing users to analyze kernel-level event data and behavioral detection alongside network traffic.
One of the key features of Traceeshark is its ability to visually and interactively analyze system activity alongside network traffic events. By merging system event data with network packet analysis, users get a full picture of what is happening within their environment, which simplifies complex security investigations and provides valuable insights for practitioners.
According to Assaf Morag, Lead Data Analyst at Aqua Nautilus, Traceeshark is the first runtime eBPF-based tool for security and forensics. It can capture network activity and syscalls in real time, providing detailed information about cloud-native environments. The tool offers unique features such as the ability to analyze system and network activity in one place, and the ability to capture system activity while inspecting and analyzing it at the same time.
Some key features of Traceeshark include unified analysis, enhanced context for analyzing system events alongside network packets, live capture capabilities, and customizable filters for focusing on events of interest. The plugin is designed to make the investigation process easier and more efficient for security practitioners.
In terms of future plans, Morag mentioned that they aim to enrich all events with extra process information, track process relations, add more advanced statistics and data aggregations, and allow for the tracking of related events. These updates will further enhance the capabilities of Traceeshark and provide even more value to users.
Traceeshark is available for free on GitHub, making it accessible to a wide range of security professionals. By leveraging this plugin, users can enhance their security investigations and gain deeper insights into their system and network activity.
For those interested in cybersecurity tools, it is recommended to check out other free and open-source tools that can help enhance security practices. These tools can save time and provide valuable resources for practitioners in the field. By staying informed about the latest cybersecurity tools and technologies, professionals can stay ahead of potential threats and protect their environments effectively.