Posts in 2022
Monitoring new syscalls with Falco
Monday, January 17, 2022 in The Falco blog
Falco is currently the de facto standard for runtime threat detection in Kubernetes environments. The project is growing at a very fast pace, and so is its open source community. The role of Falco is to collect all the system events of a cluster and …
Posts in 2021
Security Analytics with SysFlow
Tuesday, December 21, 2021 in The Falco blog
Hello, fellow Falcoers! This blog introduces you to a new open system telemetry format and project called SysFlow. The project has deep ties to Falco, the de facto CNCF cloud-native runtime security project. Falco is exceptional at detecting …
Package Hunter: Detect software supply chain attacks using Falco
Thursday, December 09, 2021 in The Falco blog
GitLab covers the entire software development lifecycle in a single application: From managing, coding, deploying and securing, without forgetting collaboration. However, achieving velocity with confidence, security without sacrifice, and visibility …
Falco Plugins Early Access
Tuesday, October 12, 2021 in The Falco blog
One of the upcoming features in Falco that we're really excited about is the ability to extend Falco's functionality by using plugins. We'll be demoing this capability during Kubecon North America 2021. Specifically, we'll be showing the support for …
Falco 0.30.0
Friday, October 01, 2021 in The Falco blog
Today we announce the fall release of Falco 0.30.0 🌱 This version includes new features, important fixes, and an exciting proposal for a libs plugin system! Novelties 🆕 Let's review some of the highlights of the new release. New features and fixes …
Kubernetes Response Engine, Part 9: Falcosidekick + Fission
Wednesday, September 01, 2021 in The Falco blog
This blog post is part of a series of articles about how to create a Kubernetes response engine with Falco, Falcosidekick and a FaaS. See other posts: Kubernetes Response Engine, Part 1 : Falcosidekick + Kubeless Kubernetes Response Engine, Part 2 …
Kubernetes Response Engine, Part 8: Falcosidekick + Flux v2
Tuesday, August 31, 2021 in The Falco blog
This blog post is part of a series of articles about how to create a Kubernetes response engine with Falco, Falcosidekick and a FaaS. See other posts: Kubernetes Response Engine, Part 1 : Falcosidekick + Kubeless Kubernetes Response Engine, Part 2 …
Detect Malicious Behaviour on Kubernetes API Server through gathering Audit Logs by using FluentBit - Part 2
Thursday, July 22, 2021 in The Falco blog
Introduction In the previous blog post, we had talked about the Audit Logs in more detail, this post is a continuation of the previous blog post, so I suggest you take a look at the previous blog post before continuing reading. The only difference in …
Kubernetes Response Engine, Part 7: Falcosidekick + Cloud Functions
Tuesday, June 29, 2021 in The Falco blog
This blog post is part of a series of articles about how to create a Kubernetes response engine with Falco, Falcosidekick and a FaaS. See other posts: Kubernetes Response Engine, Part 1 : Falcosidekick + Kubeless Kubernetes Response Engine, Part 2 …
Kubernetes Response Engine, Part 6: Falcosidekick + Cloud Run
Friday, June 25, 2021 in The Falco blog
This blog post is part of a series of articles about how to create a Kubernetes response engine with Falco, Falcosidekick and a FaaS. See other posts: Kubernetes Response Engine, Part 1 : Falcosidekick + Kubeless Kubernetes Response Engine, Part 2 …