Falco Links Real-Time Detection with Forensic-Level Analysis in the Cloud Native Stack
⚡ TL;DR
📝 Summary
New integration connects Falco alerts to Stratoshark's forensic tools, delivering Wireshark-style visibility into system call and audit log data.

Key Highlights

- Falco, a CNCF graduated project, now integrates with Stratoshark to connect real-time security alerts with forensic-level capture and analysis tools.
- Security teams can instantly pivot from detection to deep investigation without switching tools, reducing response time and improving root cause analysis.
- Intended for platform and security teams working across Kubernetes, containerized environments, and hybrid/multicloud infrastructure.
- Available now; demonstrated live at KubeCon + CloudNativeCon North America 2025 in Atlanta.

ATLANTA—KUBECON + CLOUDNATIVECON NORTH AMERICA, Nov. 10, 2025 — The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today announced new integrations between Falco, a graduated project, and Stratoshark, a forensic tool inspired by Wireshark. With this release, Falco alerts can now trigger precise forensic captures, allowing real-time threat detection to be paired with deeper event analysis.

Security and platform teams have long faced challenges bringing together real-time threat detection and the detailed forensic visibility needed for effective incident response. Historically, security analysts and incident responders relied on separate tools to manually capture full system-call activity, producing large volumes of unfiltered data that often slowed down investigations and complicated incident resolution.

Falco Captures provides on-demand event recording that starts when a security rule triggers. Each triggered alert comes with an automatically recorded trail of system calls, ready for immediate replay and inspection, equipping security analysts with precise, actionable insight.

"We've long seen how alerts without context force a time-costly hunt," said Leonardo Grasso, core maintainer of Falco.