Stratoshark

Stratoshark is a sibling application for Wireshark which lets you analyze system calls and log messages. It helps people understand, troubleshoot, and secure their systems via system calls and log messages similar to the way Wireshark helps people understand, troubleshoot, and secure their networks via packets.

Stratoshark captures and analyzes system calls and logs using libsinsp and libscap, and can share capture files with the Sysdig command line tool and Falco:

[Figure: libscap / libsinsp ecosystem diagram]

Getting Stratoshark

You can get Windows and macOS packages at https://stratoshark.org/. Native system call captures aren't yet supported on those platforms, but they do come with the Falco CloudTrail plugin, which can pull AWS CloudTrail logs from an S3 bucket or SQS/SNS.

If you wish to use Stratoshark on Linux you will have to build it yourself. Instructions for doing that can be found in the Stratoshark Quick Start guide.

Links

Stratoshark website

Stratoshark Quick Start

Ecosystem Expansion (What is Stratoshark?) - SharkFest’24 EUROPE Retrospective

Sample Captures

502Error.scap - HAProxy 502 error

404Error.scap - 404 error

scap.gz - Active Kubernetes malware

curl-wsdl-win64.scap - Simple capture of curl downloading a file

Related Tools

Falco, a cloud native security tool that provides runtime security across hosts, containers, Kubernetes, and cloud environments.

Sysdig, a universal system visibility tool with native support for containers