You are viewing documentation for Falco version: v0.27.0

Falco v0.27.0 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.

Posts in 2021

  • Falco Security and Monitoring on RKE Bare Metal Cluster with Rancher

    Wednesday, March 10, 2021 in The Falco blog

    Foreword This article is, like my previous article about OpenEBS and NFS Server Provisioner, a hands-on guide on how to install, configure and monitor your existing cluster with Falco. Background Kubernetes is a great technology and brings many …

    Read more

  • Contribution of the drivers and the libraries

    Tuesday, February 23, 2021 in The Falco blog

    We are excited to announce the contribution from Sysdig Inc. of the kernel module, the eBPF probe, and the libraries to the Cloud Native Computing Foundation. The source code of these components has been moved into the Falco organization. You can …

    Read more

  • Falco Performance Testing

    Wednesday, January 20, 2021 in The Falco blog

    Special Thanks to Leonardo Grasso for assisting me Agenda The agenda of this document is to share the experience and explain the steps followed for the performance testing of Falco application deployed using helm chart on a Kubernetes cluster and …

    Read more

  • Falco Rules Now Support Exceptions

    Tuesday, January 19, 2021 in The Falco blog

    One of the upcoming features in Falco 0.28.0 is support for exceptions in rules. Exceptions are a concise way to represent conditions under which a rule should not generate an alert. Here's a quick example: - rule:Writebelowbinarydir...exceptions:- …

    Read more

  • Falco 0.27.0 a.k.a. "The happy 2021 release"

    Monday, January 18, 2021 in The Falco blog

    Today we announce the release of Falco 0.27.0 🥳 This is the first release of 2021! You can take a look at the set of changes here: 0.27.0 As usual, in case you just want to try out the stable Falco 0.27.0, you can install its packages following the …

    Read more

  • Falcosidekick + Kubeless = a Kubernetes Response Engine

    Friday, January 15, 2021 in The Falco blog

    Two years ago, we presented to you a Kubernetes Response Engine based on Falco. The idea was to trigger Kubeless serverless functions for deleting infected pod, start a Sysdig capture or forward the events to GCP PubSub. See the README. To avoid …

    Read more

  • Falcosidekick 2020

    Tuesday, January 12, 2021 in The Falco blog

    This fantastic post from @leodido about how has been the previous year 2020 for falco inspired me (link) I wanted to bring everyone up to speed on what we built for falcosidekick in 2020 Aside a lot of improvments and bug fixes, 8 new outputs have …

    Read more

  • An Introduction to Kubernetes Security using Falco

    Thursday, January 07, 2021 in The Falco blog

    Let’s talk about Kubernetes security As Kubernetes continues to grow in adoption, it is important for us to know how to secure it. In a dynamic infrastructure platform such as Kubernetes, detecting and addressing threats is important but also …

    Read more

  • Falco on WSL2 with a custom kernel

    Tuesday, January 05, 2021 in The Falco blog

    Falco on WSL2 You love Falco, just read the awesome blog Falco in 2020 - The Falco Project, and want to be part of this growing and wonderful community. "But" you are on Windows 10 and wonder how to run it? Well, the wait is over! Follow …

    Read more

  • Falco in 2020

    Sunday, January 03, 2021 in The Falco blog

    The scope of this post is to review the progress of Falco and its community during the pandemic year. A year will never forget. I will try to keep it compact, but Falco, and its community, grown so much this year that I feel like this could be a blog …

    Read more