RSS

Posts in 2021

  • Falco Performance Testing

    Wednesday, January 20, 2021 in The Falco blog

    Special Thanks to Leonardo Grasso for assisting me Agenda The agenda of this document is to share the experience and explain the steps followed for the performance testing of Falco application deployed using helm chart on a Kubernetes cluster and …

    Read more

  • Falco Rules Now Support Exceptions

    Tuesday, January 19, 2021 in The Falco blog

    One of the upcoming features in Falco 0.28.0 is support for exceptions in rules. Exceptions are a concise way to represent conditions under which a rule should not generate an alert. Here's a quick example: - rule:Writebelowbinarydir...exceptions:- …

    Read more

  • Falco 0.27.0 a.k.a. "The happy 2021 release"

    Monday, January 18, 2021 in The Falco blog

    Today we announce the release of Falco 0.27.0 🥳 This is the first release of 2021! You can take a look at the set of changes here: 0.27.0 As usual, in case you just want to try out the stable Falco 0.27.0, you can install its packages following the …

    Read more

  • Falcosidekick + Kubeless = a Kubernetes Response Engine

    Friday, January 15, 2021 in The Falco blog

    Two years ago, we presented to you a Kubernetes Response Engine based on Falco. The idea was to trigger Kubeless serverless functions for deleting infected pod, start a Sysdig capture or forward the events to GCP PubSub. See the README. To avoid …

    Read more

  • Falcosidekick 2020

    Tuesday, January 12, 2021 in The Falco blog

    This fantastic post from @leodido about how has been the previous year 2020 for falco inspired me (link) I wanted to bring everyone up to speed on what we built for falcosidekick in 2020 Aside a lot of improvments and bug fixes, 8 new outputs have …

    Read more

  • An Introduction to Kubernetes Security using Falco

    Thursday, January 07, 2021 in The Falco blog

    Let’s talk about Kubernetes security As Kubernetes continues to grow in adoption, it is important for us to know how to secure it. In a dynamic infrastructure platform such as Kubernetes, detecting and addressing threats is important but also …

    Read more

  • Falco on WSL2 with a custom kernel

    Tuesday, January 05, 2021 in The Falco blog

    Falco on WSL2 You love Falco, just read the awesome blog Falco in 2020 - The Falco Project, and want to be part of this growing and wonderful community. "But" you are on Windows 10 and wonder how to run it? Well, the wait is over! Follow …

    Read more

  • Falco in 2020

    Sunday, January 03, 2021 in The Falco blog

    The scope of this post is to review the progress of Falco and its community during the pandemic year. A year will never forget. I will try to keep it compact, but Falco, and its community, grown so much this year that I feel like this could be a blog …

    Read more

Posts in 2020

  • Security boundaries with Kubernetes and systemd

    Thursday, December 10, 2020 in The Falco blog

    A familiar scenario Imagine installing a security tool that requires privileged access using the Kubernetes API. Now imagine our cluster is compromised. As an attacker, the first thing I would do would be to ensure that whatever security tool you …

    Read more

  • Falco 0.26.2 a.k.a. "the download.falco.org release"

    Tuesday, November 10, 2020 in The Falco blog

    Today we announce the release of Falco 0.26.2 🥳 This one is a hotfix release for the Falco 0.26.1 released on October 1st. You can take a look at the set of changes here: 0.26.2 As usual, in case you just want to try out the stable Falco 0.26.2, …

    Read more