The Falco blog

Blog

Do you have something to share? Contribute to Falco blog!

Lorenzo Susini Jun 29, 2023

Falco 0.35.1

Today we announce the release of Falco 0.35.1 🦅! Novelties 🆕 and Fixes Here is a tiny patch release! It addresses some small bugs that will not bother us and our users anymore: Bug fix in the plugin framework, we can now associate a thread …

Scott Small Jun 28, 2023

Defensive Capabilities for Container & Cloud Threats with Tidal

Recently, a significant compromise was discovered in a user environment, revealing a fascinating cloud operation called SCARLETEEL. This operation was responsible for the theft of valuable proprietary data. The attacker's strategy involved …

Rohith Raju Jun 27, 2023

GSoC Week 1 Reflections

Hello Folks!, my name is Rohith, and I am thrilled to share my experiences and reflections on the first week of the Google Summer of Code (GSoC) period. This is an exhilarating time for participants like myself as we embark on our coding …

Thomas Labarussias Jun 26, 2023

Extend Falco inputs by creating a Plugin: Distribute the plugin

This post is is part of a series of articles about How to develop Falco plugins. It's addressed to anybody who would like to understand how plugins are written and want to contribute. See other articles: Extend Falco inputs by creating a …

Andrea Terzolo, Vicente J. Jiménez Miras Jun 14, 2023

Modern eBPF probe is ready to shine

Introducing the brand-new eBPF probe: a game-changing addition to Falco's toolkit. Curious to learn more? Dive into our first blog post where we spill the beans on its exciting features, what you need to get started, and real-world use …

eBPF

Federico Di Pierro, Andrea Terzolo, Lorenzo Susini Jun 7, 2023

Falco 0.35.0

Dear Community, today we are delighted to announce the release of Falco 0.35.0! A big thank you to all our contributors for helping get the latest release out, we are thrilled to share this release and its goodies with the community. To …

Thomas Labarussias May 30, 2023

Monitoring your EKS clusters audit logs

This blog post is an update of a post of November 2022 At the beginning of the year 2022, Falco introduced a game changing feature, the Falco Plugins. They allow Falco to monitor and trigger alerts for any kind of event. Since the launch …

Vicente J. Jiménez Miras May 12, 2023

GitOps your Falco Rules

Falco rules management has been a discussed topic for quite a long time. When we start building and customizing rules for our environment, we need a simple way to effectively update and distribute them to our Falco fleet. Starting from …

Federico Di Pierro May 4, 2023

Add prebuilt drivers for new distro

Hi everyone! Today we are going to learn how to add support for a new distro prebuilt drivers. There are multiple repositories involved with it, and while most of the time it should be a pretty simple job, other times it can become really …

Jacque Salinas Apr 25, 2023

Falco Community Survey 2023

TLDR; Falco users prefer deploying on AWS and adopting it for security threat detection, auditing and compliance, and sandbox testing. Security and DevOps teams are the most common users of Falco. The official Helm chart and official …