The Falco blog

Blog

Do you have something to share? Contribute to Falco blog!

Batuhan Apaydın May 22, 2021

Detect Malicious Behaviour on Kubernetes API Server through Audit Logs

Introduction We might not know that Falco is not just for detecting malicious behavior that involves making Linux system calls, in addition to that, Falco v0.13.0 adds Kubernetes Audit Events to the list of supported event sources. That …

Edvin Norling May 14, 2021

Kubernetes Response Engine, Part 4: Falcosidekick + Tekton

This blog post is part of a series of articles about how to create a Kubernetes response engine with Falco, Falcosidekick and a FaaS. See other posts: Kubernetes Response Engine, Part 1 : Falcosidekick + Kubeless Kubernetes Response …

Scott Nichols and Dan Papandrea May 13, 2021

Kubernetes Response Engine, Part 3: Falcosidekick + Knative

Carlos Panato May 7, 2021

Falco 0.28.1

Today we announce the spring release of Falco 0.28.1 🌱 This is our first patch release of Falco 0.28 that address some issues found. And this release address some security advisories You can take a look at the set of changes here: 0.28.1 As …

Batuhan Apaydın Apr 11, 2021

Kubernetes Response Engine, Part 2: Falcosidekick + OpenFaas

Leonardo Di Donato Apr 9, 2021

Falco 0.28.0 a.k.a. Falco 2021.04

Today we announce the spring release of Falco 0.28.0 🌱 This is the second release of Falco during 2021! You can take a look at the set of changes here: 0.28.0 As usual, in case you just want to try out the stable Falco 0.28.0, you can …

Frank Jogeleit Mar 10, 2021

Falco Security and Monitoring on RKE Bare Metal Cluster with Rancher

Foreword This article is, like my previous article about OpenEBS and NFS Server Provisioner, a hands-on guide on how to install, configure and monitor your existing cluster with Falco. Background Kubernetes is a great technology and brings …

Leonardo Di Donato, Leonardo Grasso Feb 23, 2021

Contribution of the drivers and the libraries

We are excited to announce the contribution from Sysdig Inc. of the kernel module, the eBPF probe, and the libraries to the Cloud Native Computing Foundation. The source code of these components has been moved into the Falco organization. …

Samar Sidharth Jan 20, 2021

Falco Performance Testing

Special Thanks to Leonardo Grasso for assisting me Agenda The agenda of this document is to share the experience and explain the steps followed for the performance testing of Falco application deployed using helm chart on a Kubernetes …

Mark Stemm Jan 19, 2021

Falco Rules Now Support Exceptions

One of the upcoming features in Falco 0.28.0 is support for exceptions in rules. Exceptions are a concise way to represent conditions under which a rule should not generate an alert. Here's a quick example: - rule: Write below binary dir …