Posts in 2022
Getting started developing Falco
Monday, April 18, 2022 in The Falco blog
Hello, Falcoers! Interested in Falco and want to contribute your ideas? Feeling stuck because you don't know where to start? No worries, we are here to help! Whether you want Falco to monitor a new system call, add a brand new feature, or solve a …
Analyze Okta Log Events with a Falco Plugin
Friday, March 25, 2022 in The Falco blog
In March 2022, the cybercriminal group LAPSUS$ claimed to have breached Okta, the Identity Platform, only two months earlier, leaving their customers with the uncertainty of having been exposed as well. After a thorough investigation undertaken by …
Falco 0.31.1
Friday, March 11, 2022 in The Falco blog
Today we announce the release of Falco 0.31.1 🦅! Novelties 🆕 Let's review some of the highlights of the new release. New features This release allows you to use multiple --cri command-line options (#1893) to specify multiple CRI socket paths. Note …
Extend Falco inputs by creating a Plugin: Register the plugin
Wednesday, March 02, 2022 in The Falco blog
This post is is part of a series of articles about How to develop Falco plugins. It's addressed to anybody who would like to understand how plugins are written and want to contribute. See other articles: Extend Falco inputs by creating a Plugin: …
Extend Falco inputs by creating a Plugin: the basics
Tuesday, February 15, 2022 in The Falco blog
This post is is part of a series of articles about How to develop Falco plugins. It's adressed to anybody who would like to understand how plugins are written and want to contribute. See other articles: Extend Falco inputs by creating a Plugin: …
Announcing Plugins and Cloud Security with Falco
Wednesday, February 09, 2022 in The Falco blog
The just released Falco v0.31.0 is the result of several months of hard work and includes many exciting new features. One of them, however, is particularly strategic for Falco as a project: the general availability of the plugins framework. I would …
Falco 0.31.0 a.k.a. "the Gyrfalcon"
Monday, January 31, 2022 in The Falco blog
Today we announce the release of Falco 0.31.0, a.k.a the Gyrfalcon 🦅! Gyrfalcons are the largest of the falcon species, just like this version of Falco has the biggest changelog ever released. To give you some metrics, since the last release, the …
Monitoring new syscalls with Falco
Monday, January 17, 2022 in The Falco blog
Falco is currently the de facto standard for runtime threat detection in Kubernetes environments. The project is growing at a very fast pace, and so is its open source community. The role of Falco is to collect all the system events of a cluster and …
Posts in 2021
Security Analytics with SysFlow
Tuesday, December 21, 2021 in The Falco blog
Hello, fellow Falcoers! This blog introduces you to a new open system telemetry format and project called SysFlow. The project has deep ties to Falco, the de facto CNCF cloud-native runtime security project. Falco is exceptional at detecting …
Package Hunter: Detect software supply chain attacks using Falco
Thursday, December 09, 2021 in The Falco blog
GitLab covers the entire software development lifecycle in a single application: From managing, coding, deploying and securing, without forgetting collaboration. However, achieving velocity with confidence, security without sacrifice, and visibility …