The Falco blog

Blog

Do you have something to share? Contribute to Falco blog!

Luca Guerra, Andrea Terzolo, Rohit Raju Sep 26, 2023

Falco 0.36.0

Dear Falco Community, today we are happy to announce the release of Falco 0.36.0! This releases comes as usual with many new features and improvements. Thanks to everyone that worked on all the features, bugfixes and improvements! To read a …

Federico Di Pierro, Aldo Lacuku Sep 21, 2023

Introducing a framework for regression testing against Linux kernels

There are a few foundational technologies that empower the Cloud Native ecosystem. Containers is one. And one of the basis for containerization is the Linux Kernel itself. With Falco, we are developing a runtime security tool that hooks …

Thomas Labarussias Sep 14, 2023

Falcosidekick-UI 2.2.0

Not so long ago, we proudly released a new fantastic release of falcosidekick, it's time for its little brother, falcosidekick-ui to know the same, with the version v2.2.0. Let's take a tour to introduce the most important cool new features …

Anshu Bansal, Rakshit Awasthi, Ashutosh Venkatrao More Sep 11, 2023

Tracing System Calls Using eBPF - Part 1

Introduction: In this article, we will delve into the details of eBPF (extended Berkeley Packet Filter) and explore its significance in tracing system calls. This particular blog will be in two parts; in the first blog, we will discuss …

The Falco Maintainers Aug 23, 2023

In memory of Kris Nóva

Along with many in the community, we were sad to hear the news of Kris Nóva's passing last week. Nóva was a foundational contributor to Falco. She joined the Falco community when Falco was still a CNCF sandbox project. She made many …

Batuhan Apaydın Aug 11, 2023

GitLab Container Registry now supports Falcoctl OCI Artifacts

Today, we'd like to share with the Falco community the latest contribution we (w/Emin Aktas) made to GitLab Container Registry. We noticed that GitLab Container Registry didn't support Falcoctl OCI Artifact mediaTypes while we were pushing …

Thomas Labarussias Jul 28, 2023

Falcosidekick 2.28.0

It's summertime, it's hot, and many people are on vacation, but the Falco community is still there. Six months after the release of Falcosidekick's latest upgrade, version 2.28.0 becomes officially available. The number of pulls of the …

Nigel Douglas Jul 18, 2023

Validating NIST Requirements with Falco

The NIST organization, a non-regulatory federal agency in the United States, plays a crucial role in establishing guidelines across various domains, including cybersecurity. In this article, we focus on NIST 800-171 compliance checks, which …

Rohith Raju Jul 18, 2023

Gsoc Week-3 and Week-4 updates

This week I worked on creating parsers for the syscalls that I added previously. I learnt how metadata is extracted from the syscalls to provied user with more context on the triggred syscall. We also compiled Falco's main repository from …

Anshu Bansal, Ashutosh Venkatrao More Jul 16, 2023

Crafting Falco Rules With MITRE ATT&CK

Introduction: The landscape of cybersecurity attacks has witnessed a notable rise in sophistication and complexity over the last decade, posing significant challenges to organizations in their efforts to identify and counter such threats …

Falco