Aqua Security Unveils Traceeshark: Open Source Tool Combining Tracee’s Dynamic Analysis of Linux Malware with Wireshark
August 8, 2024 - 9:00 PM
Aqua Security, the pioneer in cloud native security, today unveiled
Traceeshark, an innovative plugin for Wireshark that enables
security practitioners to quickly investigate security incidents.
Traceeshark enhances the capabilities of Aqua Tracee, an open
source runtime security and forensics tool for Linux, and empowers
users to analyze kernel-level events and behavioral detections
alongside network traffic, offering a seamless and interactive
analysis experience.
Aqua Tracee is renowned for its robust runtime security and
forensics capabilities, leveraging eBPF technology to trace systems
and applications at runtime and detect suspicious behaviors.
However, analyzing the vast amount of data generated by Tracee has
traditionally been a manual and labor-intensive process.
Traceeshark revolutionizes this process by integrating with
Wireshark, the world's leading network protocol analyzer, and
leveraging its advanced investigation and filtering
capabilities.
With Traceeshark, users can now visually and interactively
analyze system activity alongside network traffic events, providing
unprecedented insights into both system and network activities.
Traceeshark simplifies complex security investigations by merging
Tracee's system event data with network packet analysis, with full
context of the container and process.
“Traceeshark opens up a whole new world of capabilities for
dynamic analysis of Linux malware, forensics, kernel hacking and
more,” said Idan Revivo, VP Cyber Security Research of Aqua
Security. “We are excited to provide security practitioners and
developers with this new tool as part of our ongoing commitment to
open source innovation and community collaboration. By providing
powerful and accessible tools like Traceeshark, we can continue to
drive the security industry forward.”
Key features of Traceeshark include:
- Unified Analysis: Allows users to view and
filter events side by side with network packets.
- Enhanced Context: Analyze system events
alongside network packets with rich contextual information about
system processes and containers, enabling deeper correlations and
insights.
- Live Capture: Perform live captures of Tracee
events, streaming them directly into Wireshark, whether locally or
remotely over SSH.
- Customizable Filters: Utilize Wireshark's
advanced filtering capabilities to focus on events of interest,
with quick filter buttons for common analysis tasks.
Traceeshark is the latest addition to Aqua’s flourishing open
source community. Aqua has built one of the largest open source
cloud native security communities in the world, with tens of
thousands of users and over 40,000 combined GitHub stars. It also
includes the widely revered Trivy®, an open source vulnerability
and risk scanner, which has a thriving community of users and
contributors.
For more information about Traceeshark and to get started, visit
GitHub and Aquasec.com.
About Aqua Security
Aqua Security is the
pioneer in securing containerized cloud native applications from
development to production. Aqua's full lifecycle solution prevents
attacks by enforcing pre-deployment hygiene and mitigates attacks
in real time in production, reducing mean time to repair and
overall business risk. The Aqua Platform, a Cloud Native
Application Protection Platform (CNAPP), integrates security from
Code to Cloud, combining the power of agent and agentless
technology into a single solution. With enterprise scale that
doesn’t slow development pipelines, Aqua secures your future in the
cloud. Founded in 2015, Aqua is headquartered in Boston, MA and
Ramat Gan, IL protecting over 500 of the world’s largest
enterprises. For more information, visit
https://www.aquasec.com.
Contact: media@aquasec.com