Posts in 2021
Detect Malicious Behaviour on Kubernetes API Server through Audit Logs
Saturday, May 22, 2021 in The Falco blog
Introduction We might not know that Falco is not just for detecting malicious behavior that involves making Linux system calls, in addition to that, Falco v0.13.0 adds Kubernetes Audit Events to the list of supported event sources. That means that, …
Kubernetes Response Engine, Part 4: Falcosidekick + Tekton
Friday, May 14, 2021 in The Falco blog
This blog post is part of a series of articles about how to create a Kubernetes response engine with Falco, Falcosidekick and a FaaS. See other posts: Kubernetes Response Engine, Part 1 : Falcosidekick + Kubeless Kubernetes Response Engine, Part 2 …
Kubernetes Response Engine, Part 3: Falcosidekick + Knative
Thursday, May 13, 2021 in The Falco blog
This blog post is part of a series of articles about how to create a Kubernetes response engine with Falco, Falcosidekick and a FaaS. See other posts: Kubernetes Response Engine, Part 1 : Falcosidekick + Kubeless Kubernetes Response Engine, Part 2 …
Falco 0.28.1
Friday, May 07, 2021 in The Falco blog
Today we announce the spring release of Falco 0.28.1 🌱 This is our first patch release of Falco 0.28 that address some issues found. And this release address some security advisories You can take a look at the set of changes here: 0.28.1 As usual, …
Kubernetes Response Engine, Part 2: Falcosidekick + OpenFaas
Sunday, April 11, 2021 in The Falco blog
This blog post is part of a series of articles about how to create a Kubernetes response engine with Falco, Falcosidekick and a FaaS. See other posts: Kubernetes Response Engine, Part 1 : Falcosidekick + Kubeless Kubernetes Response Engine, Part 3 …
Falco 0.28.0 a.k.a. Falco 2021.04
Friday, April 09, 2021 in The Falco blog
Today we announce the spring release of Falco 0.28.0 🌱 This is the second release of Falco during 2021! You can take a look at the set of changes here: 0.28.0 As usual, in case you just want to try out the stable Falco 0.28.0, you can install its …
Falco Security and Monitoring on RKE Bare Metal Cluster with Rancher
Wednesday, March 10, 2021 in The Falco blog
Foreword This article is, like my previous article about OpenEBS and NFS Server Provisioner, a hands-on guide on how to install, configure and monitor your existing cluster with Falco. Background Kubernetes is a great technology and brings many …
Contribution of the drivers and the libraries
Tuesday, February 23, 2021 in The Falco blog
We are excited to announce the contribution from Sysdig Inc. of the kernel module, the eBPF probe, and the libraries to the Cloud Native Computing Foundation. The source code of these components has been moved into the Falco organization. You can …
Falco Performance Testing
Wednesday, January 20, 2021 in The Falco blog
Special Thanks to Leonardo Grasso for assisting me Agenda The agenda of this document is to share the experience and explain the steps followed for the performance testing of Falco application deployed using helm chart on a Kubernetes cluster and …
Falco Rules Now Support Exceptions
Tuesday, January 19, 2021 in The Falco blog
One of the upcoming features in Falco 0.28.0 is support for exceptions in rules. Exceptions are a concise way to represent conditions under which a rule should not generate an alert. Here's a quick example: - rule:Writebelowbinarydir...exceptions:- …