CloudShark Enterprise Adds Deep Search API

May 28, 2026

The Packet Data Is There. Finding It Is the Problem.

Your logs are indexed. Your metrics are queryable. Your alerts get correlated automatically. These systems talk to each other, feed into your SIEM, trigger your SOAR playbooks, and power your dashboards. 

Packet captures just sit there. Everyone agrees they're the most complete record of what happened on your network, but if the only way to search them is by having a human open files, they effectively don't exist for the rest of your toolchain. 

That’s why we’ve built our Deep Search API into CloudShark Enterprise 5.2.

Deep Search, Meet REST API

CloudShark Enterprise has had Deep Search for a while now. You can search across your entire repository of captures using Wireshark display filters, which is already a big deal if you've ever tried to track down a specific session across hundreds of files. 

What's new is that Deep Search is now available as an API endpoint. That means any system or agent that can make an HTTP request can search your captures. 

This sounds simple because it is. But simple changes to how data is accessible tend to have outsized effects on how teams actually work:

  • SIEM validation: Automatically search for relevant PCAPs when an alert fires, so they're already identified before an analyst picks up the ticket. 
  • SOAR enrichment: Include a capture search step in your playbooks that pulls in PCAP links as part of alert enrichment, instead of leaving it as a manual task. 
  • IOC sweeps: Schedule recurring searches against your whole repository when new indicators get published, catching historical exposure in captures from weeks or months ago. 
  • Custom integrations: Any agent, script, or tool that can make an HTTP request can now search your captures programmatically.

In every case, the analyst still does the real work of looking at the traffic and making the call. But they're starting with the right files already found, instead of spending the first chunk of their investigation just locating them. 

Why this matters going forward

The direction of this industry is clear. More automation, more integration between tools, more AI-assisted investigation. The common thread is that your data needs to be accessible to machines, not just people. 

Packet captures have been the holdout. The data is there, the value is obvious, but until now there hasn't been a way for other systems to search it. This API makes your capture repository queryable, which is the prerequisite for plugging packet data into everything else your team is building toward. 

If you've ever thought "we have the captures, we just can't get to them fast enough," this is what you've been waiting for.

More in CloudShark Enterprise 5.2

Our release includes the Deep Search API plus:

  • The ability to search based on packet annotation contents
  • The new conversation graph view powered by Packet Viewer to isolate anomalous traffic flows
  • SNMPv3 decryption that can be set up automatically in capture profiles
  • The ability to customize dissectors via Lua plugins right from the admin interface

And more!

CloudShark Enterprise 5.2 is now available. Need help upgrading? Want to try it in your own organization? Reach out to us here.