Posts in 2021
Contribution of the drivers and the libraries
Tuesday, February 23, 2021 in The Falco blog
We are excited to announce the contribution from Sysdig Inc. of the kernel module, the eBPF probe, and the libraries to the Cloud Native Computing Foundation. The source code of these components has been moved into the Falco organization. You can …
Falco Performance Testing
Wednesday, January 20, 2021 in The Falco blog
Special Thanks to Leonardo Grasso for assisting me Agenda The agenda of this document is to share the experience and explain the steps followed for the performance testing of Falco application deployed using helm chart on a Kubernetes cluster and …
Falco Rules Now Support Exceptions
Tuesday, January 19, 2021 in The Falco blog
One of the upcoming features in Falco 0.28.0 is support for exceptions in rules. Exceptions are a concise way to represent conditions under which a rule should not generate an alert. Here's a quick example: - rule:Writebelowbinarydir...exceptions:- …
Falco 0.27.0 a.k.a. "The happy 2021 release"
Monday, January 18, 2021 in The Falco blog
Today we announce the release of Falco 0.27.0 🥳 This is the first release of 2021! You can take a look at the set of changes here: 0.27.0 As usual, in case you just want to try out the stable Falco 0.27.0, you can install its packages following the …
Falcosidekick + Kubeless = a Kubernetes Response Engine
Friday, January 15, 2021 in The Falco blog
Two years ago, we presented to you a Kubernetes Response Engine based on Falco. The idea was to trigger Kubeless serverless functions for deleting infected pod, start a Sysdig capture or forward the events to GCP PubSub. See the README. To avoid …
Falcosidekick 2020
Tuesday, January 12, 2021 in The Falco blog
This fantastic post from @leodido about how has been the previous year 2020 for falco inspired me (link) I wanted to bring everyone up to speed on what we built for falcosidekick in 2020 Aside a lot of improvments and bug fixes, 8 new outputs have …
An Introduction to Kubernetes Security using Falco
Thursday, January 07, 2021 in The Falco blog
Let’s talk about Kubernetes security As Kubernetes continues to grow in adoption, it is important for us to know how to secure it. In a dynamic infrastructure platform such as Kubernetes, detecting and addressing threats is important but also …
Falco on WSL2 with a custom kernel
Tuesday, January 05, 2021 in The Falco blog
Falco on WSL2 You love Falco, just read the awesome blog Falco in 2020 - The Falco Project, and want to be part of this growing and wonderful community. "But" you are on Windows 10 and wonder how to run it? Well, the wait is over! Follow …
Falco in 2020
Sunday, January 03, 2021 in The Falco blog
The scope of this post is to review the progress of Falco and its community during the pandemic year. A year will never forget. I will try to keep it compact, but Falco, and its community, grown so much this year that I feel like this could be a blog …
Posts in 2020
Security boundaries with Kubernetes and systemd
Thursday, December 10, 2020 in The Falco blog
A familiar scenario Imagine installing a security tool that requires privileged access using the Kubernetes API. Now imagine our cluster is compromised. As an attacker, the first thing I would do would be to ensure that whatever security tool you …