Jaws close on Linux malware with Aqua Security Traceeshark
Cloud-native software tools company Aqua Security has announced Traceeshark, a plug-in for Wireshark designed to let software practitioners investigate security incidents.
Wireshark is an open source network analyser that can capture and display real-time details of network traffic. As Katie Terrell Hanna explains on TechTarget, it is particularly useful for troubleshooting network issues, analysing network protocols and ensuring network security.
Traceeshark extends Aqua Tracee, an open source runtime security and forensics tool for Linux.
It lets users analyse kernel-level events and Tracee's behavioural detections alongside network traffic.
Aqua Tracee is positioned as a robust runtime security and forensics tool.
It uses eBPF technology to trace systems and applications at runtime and detect suspicious behaviours. Because eBPF programs run inside the Linux kernel, Tracee can observe system calls and other kernel events without instrumenting or modifying the monitored applications.
Laborious lugubriousness
Analysing the large volume of events Tracee generates has traditionally been a manual, labour-intensive process. Traceeshark aims to change that by loading Tracee's output into Wireshark and applying Wireshark's investigation and display-filtering capabilities to it.
“Traceeshark opens up a whole new world of capabilities for dynamic analysis of Linux malware, forensics, kernel hacking and more,” said Idan Revivo, VP of cyber security research at Aqua Security. “We are excited to provide security practitioners and developers with this new tool as part of our ongoing commitment to open source innovation and community collaboration. By providing powerful and accessible tools like Traceeshark, we can continue to drive the security industry forward.”
With Traceeshark, users can visually and interactively analyse system activity and network traffic events side by side, gaining insight into both at once.
Traceeshark simplifies complex security investigations by merging Tracee's system event data with network packet analysis, keeping the full context of the originating container and process. The tool is the latest addition to Aqua's open source portfolio, whose community numbers tens of thousands of users and over 40,000 combined GitHub stars. That portfolio also includes Trivy, an open source vulnerability and risk scanner with an active community of users and contributors.