Blog
Do you have something to share? Contribute to Falco blog!
Adaptive Syscalls Selection in Falco
The release of Falco 0.35.0 is a significant milestone, introducing a groundbreaking feature: the ability to select which syscalls to monitor. This empowers users with granular control, optimizing system performance by reducing CPU load …
Defensive Capabilities for Container & Cloud Threats with Tidal
Recently, a significant compromise was discovered in a user environment, revealing a fascinating cloud operation called SCARLETEEL. This operation was responsible for the theft of valuable proprietary data. The attacker's strategy involved …
Extend Falco inputs by creating a Plugin: Distribute the plugin
This post is is part of a series of articles about How to develop Falco plugins. It's addressed to anybody who would like to understand how plugins are written and want to contribute. See other articles: Extend Falco inputs by creating a …
Modern eBPF probe is ready to shine
Introducing the brand-new eBPF probe: a game-changing addition to Falco's toolkit. Curious to learn more? Dive into our first blog post where we spill the beans on its exciting features, what you need to get started, and real-world use …
Falco 0.35.0
Dear Community, today we are delighted to announce the release of Falco 0.35.0! A big thank you to all our contributors for helping get the latest release out, we are thrilled to share this release and its goodies with the community. To …
Monitoring your EKS clusters audit logs
This blog post is an update of a post of November 2022 At the beginning of the year 2022, Falco introduced a game changing feature, the Falco Plugins. They allow Falco to monitor and trigger alerts for any kind of event. Since the launch …
Add prebuilt drivers for new distro
Hi everyone! Today we are going to learn how to add support for a new distro prebuilt drivers. There are multiple repositories involved with it, and while most of the time it should be a pretty simple job, other times it can become really …
