In memory of Kris Nóva

Along with many in the community, we were sad to hear the news of Kris Nóva's passing last week. Nóva was a foundational contributor to Falco. She joined the Falco community when Falco was still a CNCF sandbox project. She made many …

GitLab Container Registry now supports Falcoctl OCI Artifacts

Today, we'd like to share with the Falco community the latest contribution we (w/Emin Aktas) made to GitLab Container Registry. We noticed that GitLab Container Registry didn't support Falcoctl OCI Artifact mediaTypes while we were pushing …

Falcosidekick 2.28.0

It's summertime, it's hot, and many people are on vacation, but the Falco community is still there. Six months after the release of Falcosidekick's latest upgrade, version 2.28.0 becomes officially available. The number of pulls of the …

Validating NIST Requirements with Falco

The NIST organization, a non-regulatory federal agency in the United States, plays a crucial role in establishing guidelines across various domains, including cybersecurity. In this article, we focus on NIST 800-171 compliance checks, which …

Gsoc Week-3 and Week-4 updates

This week I worked on creating parsers for the syscalls that I added previously. I learnt how metadata is extracted from the syscalls to provied user with more context on the triggred syscall. We also compiled Falco's main repository from …

Crafting Falco Rules With MITRE ATT&CK

Introduction: The landscape of cybersecurity attacks has witnessed a notable rise in sophistication and complexity over the last decade, posing significant challenges to organizations in their efforts to identify and counter such threats …

GSoC Week 2 updates

Alright, it's week 2 and I've got some updates. This week I learnt the different nuances and difficulties that comes while trying to compile a project for a new target. In my case it was WebAssemebly. Parts of Falco, which will be used for …

Understanding PCI/DSS Controls with Falco

As organizations increasingly adopt cloud-native systems for sensitive data and operations, ensuring compliance with industry standards like the Payment Card Industry Data Security Standard (PCI DSS) becomes imperative. This standard is …

Adaptive Syscalls Selection in Falco

The release of Falco 0.35.0 is a significant milestone, introducing a groundbreaking feature: the ability to select which syscalls to monitor. This empowers users with granular control, optimizing system performance by reducing CPU load …