Introduction to Falco

Falco, the open-source cloud-native runtime security project, is the de facto Kubernetes threat detection engine. Falco was created by Sysdig in 2016 and is the first runtime security project to join CNCF as an incubation-level project. Falco detects unexpected application behavior and alerts on threats at runtime.

🕰 Timeline

00:00 - Holding screen
01:30 - Introductions
05:40 - What is Falco?
12:40 - Linux requirements for Falco
17:30 - Installing Falco
25:40 - Making Falco angry (Breaking a Falco rule)
31:00 - Falco default rules
43:50 - Manually sending Kubernetes events to Falco web-hook receiver
49:00 - Adding Kubernetes Auditing to Falco
1:02:00 - Triggering Falco from Kubernetes (Storing "secret" in a ConfigMap)
1:10:00 - What is Falco Evolution repository?
1:11:30 - Falco pdig (Userspace Falco)
1:16:10 - Question: Is there a GUI?

🌎 Resources

Falco - https://falco.org
Leo Di Donato - https://twitter.com/leodido
Lorenzo Fontana - https://twitter.com/fntlnz
Falco Evolution - https://github.com/falcosecurity/evolution

Resources related to this video will be displayed here, including links, downloads, and additional materials.