Rules Examples
Several examples of Falco Rules
Here are some examples of the types of behavior falco can detect.
For a more comprehensive set of examples, see the full rules file at falco_rules.yaml
.
A shell is run in a container
Unexpected outbound Elasticsearch connection
Write to directory holding system binaries
Non-authorized container namespace change
Non-device files written in /dev (some rootkits do this)
Process other than skype/webex tries to access camera
Was this page helpful?
Let us know! You feedback will help us to improve the content and to stay in touch with our users.
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.