The Falco blog

Blog

Do you have something to share? Contribute to Falco blog!

Rohith Raju Jul 11, 2023

GSoC Week 2 updates

Alright, it's week 2 and I've got some updates. This week I learnt the different nuances and difficulties that comes while trying to compile a project for a new target. In my case it was WebAssemebly. Parts of Falco, which will be used for …

Featured Image for PCI/DSS Controls with Falco

Nigel Douglas Jul 6, 2023

Understanding PCI/DSS Controls with Falco

As organizations increasingly adopt cloud-native systems for sensitive data and operations, ensuring compliance with industry standards like the Payment Card Industry Data Security Standard (PCI DSS) becomes imperative. This standard is …

Melissa Kilby, Roberto Scolaro, Federico Di Pierro Jul 4, 2023

Adaptive Syscalls Selection in Falco

The release of Falco 0.35.0 is a significant milestone, introducing a groundbreaking feature: the ability to select which syscalls to monitor. This empowers users with granular control, optimizing system performance by reducing CPU load …

Lorenzo Susini Jun 29, 2023

Falco 0.35.1

Today we announce the release of Falco 0.35.1 🦅! Novelties 🆕 and Fixes Here is a tiny patch release! It addresses some small bugs that will not bother us and our users anymore: Bug fix in the plugin framework, we can now associate a thread …

Scott Small Jun 28, 2023

Defensive Capabilities for Container & Cloud Threats with Tidal

Recently, a significant compromise was discovered in a user environment, revealing a fascinating cloud operation called SCARLETEEL. This operation was responsible for the theft of valuable proprietary data. The attacker's strategy involved …

Rohith Raju Jun 27, 2023

GSoC Week 1 Reflections

Hello Folks!, my name is Rohith, and I am thrilled to share my experiences and reflections on the first week of the Google Summer of Code (GSoC) period. This is an exhilarating time for participants like myself as we embark on our coding …

Thomas Labarussias Jun 26, 2023

Extend Falco inputs by creating a Plugin: Distribute the plugin

This post is is part of a series of articles about How to develop Falco plugins. It's addressed to anybody who would like to understand how plugins are written and want to contribute. See other articles: Extend Falco inputs by creating a …

Andrea Terzolo, Vicente J. Jiménez Miras Jun 14, 2023

Modern eBPF probe is ready to shine

Introducing the brand-new eBPF probe: a game-changing addition to Falco's toolkit. Curious to learn more? Dive into our first blog post where we spill the beans on its exciting features, what you need to get started, and real-world use …

eBPF

Federico Di Pierro, Andrea Terzolo, Lorenzo Susini Jun 7, 2023

Falco 0.35.0

Dear Community, today we are delighted to announce the release of Falco 0.35.0! A big thank you to all our contributors for helping get the latest release out, we are thrilled to share this release and its goodies with the community. To …

Thomas Labarussias May 30, 2023

Monitoring your EKS clusters audit logs

This blog post is an update of a post of November 2022 At the beginning of the year 2022, Falco introduced a game changing feature, the Falco Plugins. They allow Falco to monitor and trigger alerts for any kind of event. Since the launch …