kubeshark
by kubeshark
Kubeshark provides eBPF-powered network observability for Kubernetes, enabling AI agents and humans to query and analyze L4/L7 traffic with full Kubernetes context, even decrypting TLS without keys.
eBPF-powered network observability for Kubernetes. Indexes L4/L7 traffic with full K8s context, decrypts TLS without keys. Queryable by AI agents via MCP and humans via dashboard.
Primary Use Case
Kubeshark is designed for Site Reliability Engineers (SREs) and security operations teams working with Kubernetes. It allows for deep inspection of network traffic within the cluster, aiding in incident response, threat hunting, and root cause analysis by providing context-rich, queryable data and enabling AI-driven investigations.
- eBPF-powered kernel-level network indexing
- Cluster-wide L4/L7 traffic observability
- Automatic TLS/mTLS decryption without keys or sidecars
- Queryable network data with Kubernetes, API, and network semantics
- Integration with AI agents via MCP for automated analysis
- Downloadable retrospective PCAPs
- Real-time network data visualization dashboard
Installation
- Add Helm repository: `helm repo add kubeshark https://helm.kubeshark.com`
- Install Kubeshark: `helm install kubeshark kubeshark/kubeshark`
- Port-forward to access dashboard: `kubectl port-forward svc/kubeshark-front 8899:80`
- Install Kubeshark CLI (for AI integration): `brew install kubeshark`
Usage
- `helm install kubeshark kubeshark/kubeshark`: Installs Kubeshark into the Kubernetes cluster using Helm.
- `kubectl port-forward svc/kubeshark-front 8899:80`: Forwards local port 8899 to the Kubeshark dashboard service for access in a browser.
- `http://localhost:8899`: URL to access the Kubeshark dashboard in a web browser after port-forwarding.
- `brew install kubeshark`: Installs the Kubeshark command-line interface tool.
- `claude mcp add kubeshark -- kubeshark mcp`: Connects an AI agent (like Claude) to Kubeshark via the MCP protocol.
- `/plugin marketplace add kubeshark/kubeshark`: Adds the Kubeshark AI skills to the plugin marketplace (e.g., for Claude Code).
- `/plugin install kubeshark`: Installs the Kubeshark AI skills.
- Can be used to detect anomalous network behavior indicative of C2 communication by analyzing traffic patterns and destination IPs.
- Leverage AI integration to automatically correlate network events with known threat intelligence feeds for faster incident triage.
- Automate the generation of retrospective PCAPs for specific suspicious workloads or IP ranges identified by AI analysis, aiding in deep-dive investigations.
- Integrate with CI/CD pipelines to monitor network traffic during deployments, identifying potential misconfigurations or unauthorized service communication.
- Use the TLS decryption feature to analyze the content of encrypted traffic for sensitive data exfiltration attempts or the presence of malicious payloads.