RSS

Posts in 2022

  • Analyze Okta Log Events with a Falco Plugin

    Friday, March 25, 2022 By Thomas Labarussias

    In March 2022, the cybercriminal group LAPSUS$ claimed to have breached Okta, the Identity Platform, only two months earlier, leaving their customers with the uncertainty of having been exposed as well. After a thorough investigation undertaken by …

    Read more

  • Falco 0.31.1

    Friday, March 11, 2022 By Luca Guerra

    Today we announce the release of Falco 0.31.1 🦅! Novelties 🆕 Let's review some of the highlights of the new release. New features This release allows you to use multiple --cri command-line options (#1893) to specify multiple CRI socket paths. Note …

    Read more

  • Extend Falco inputs by creating a Plugin: Register the plugin

    Wednesday, March 02, 2022 By Thomas Labarussias

    This post is is part of a series of articles about How to develop Falco plugins. It's addressed to anybody who would like to understand how plugins are written and want to contribute. See other articles: Extend Falco inputs by creating a Plugin: the …

    Read more

  • Extend Falco inputs by creating a Plugin: the basics

    Tuesday, February 15, 2022 By Thomas Labarussias

    This post is is part of a series of articles about How to develop Falco plugins. It's adressed to anybody who would like to understand how plugins are written and want to contribute. See other articles: Extend Falco inputs by creating a Plugin: …

    Read more

  • Announcing Plugins and Cloud Security with Falco

    Wednesday, February 09, 2022 By Loris Degioanni

    The just released Falco v0.31.0 is the result of several months of hard work and includes many exciting new features. One of them, however, is particularly strategic for Falco as a project: the general availability of the plugins framework. I would …

    Read more

  • Falco 0.31.0 a.k.a. "the Gyrfalcon"

    Monday, January 31, 2022 By Jason Dellaluce, Leonardo Grasso

    Today we announce the release of Falco 0.31.0, a.k.a the Gyrfalcon 🦅! Gyrfalcons are the largest of the falcon species, just like this version of Falco has the biggest changelog ever released. To give you some metrics, since the last release, the …

    Read more

  • Monitoring new syscalls with Falco

    Monday, January 17, 2022 By Jason Dellaluce, Federico Di Pierro

    Falco is currently the de facto standard for runtime threat detection in Kubernetes environments. The project is growing at a very fast pace, and so is its open source community. The role of Falco is to collect all the system events of a cluster and …

    Read more

Posts in 2021

  • Security Analytics with SysFlow

    Tuesday, December 21, 2021 By Frederico Araujo & Teryl Taylor, IBM Research

    Hello, fellow Falcoers! This blog introduces you to a new open system telemetry format and project called SysFlow. The project has deep ties to Falco, the de facto CNCF cloud-native runtime security project. Falco is exceptional at detecting …

    Read more

  • Package Hunter: Detect software supply chain attacks using Falco

    Thursday, December 09, 2021 By Nate Magee, Vicente J. Jiménez Miras

    GitLab covers the entire software development lifecycle in a single application: From managing, coding, deploying and securing, without forgetting collaboration. However, achieving velocity with confidence, security without sacrifice, and visibility …

    Read more

  • Falco Plugins Early Access

    Tuesday, October 12, 2021 By Mark Stemm

    One of the upcoming features in Falco that we're really excited about is the ability to extend Falco's functionality by using plugins. We'll be demoing this capability during Kubecon North America 2021. Specifically, we'll be showing the support for …

    Read more