Blog
Do you have something to share? Contribute to Falco blog!
Getting started developing Falco
Hello, Falcoers! Interested in Falco and want to contribute your ideas? Feeling stuck because you don't know where to start? No worries, we are here to help! Whether you want Falco to monitor a new system call, add a brand new feature, or …
Analyze Okta Log Events with a Falco Plugin
In March 2022, the cybercriminal group LAPSUS$ claimed to have breached Okta, the Identity Platform, only two months earlier, leaving their customers with the uncertainty of having been exposed as well. After a thorough investigation …
Extend Falco inputs by creating a Plugin: Register the plugin
This post is part of a series of articles about How to develop Falco plugins. It's addressed to anybody who would like to understand how plugins are written and wants to contribute. See other articles: Extend Falco inputs by creating a …
Extend Falco inputs by creating a Plugin: the basics
This post is part of a series of articles about How to develop Falco plugins. It's addressed to anybody who would like to understand how plugins are written and wants to contribute. See other articles: Extend Falco inputs by creating a …
Announcing Plugins and Cloud Security with Falco
The just released Falco v0.31.0 is the result of several months of hard work and includes many exciting new features. One of them, however, is particularly strategic for Falco as a project: the general availability of the plugins framework. …
Falco 0.31.0 a.k.a. "the Gyrfalcon"
Today we announce the release of Falco 0.31.0, a.k.a. the Gyrfalcon 🦅! Gyrfalcons are the largest of the falcon species, just like this version of Falco has the biggest changelog ever released. To give you some metrics, since the last …
Monitoring new syscalls with Falco
Falco is currently the de facto standard for runtime threat detection in Kubernetes environments. The project is growing at a very fast pace, and so is its open source community. The role of Falco is to collect all the system events of a …
Security Analytics with SysFlow
Hello, fellow Falcoers! This blog introduces you to a new open system telemetry format and project called SysFlow. The project has deep ties to Falco, the de facto CNCF cloud-native runtime security project. Falco is exceptional at …
Package Hunter: Detect software supply chain attacks using Falco
GitLab covers the entire software development lifecycle in a single application: From managing, coding, deploying and securing, without forgetting collaboration. However, achieving velocity with confidence, security without sacrifice, and …