Introduction to Falco

β€’ 80 min watch

Meet the Cast

David Flanagan HOST

David Flanagan

@rawkode

Weekly Cloud Native insights

Stay ahead in cloud native

Tutorials, deep dives, and curated eventsβ€”no fluff.

Falco, the open-source cloud-native runtime security project, is the de facto Kubernetes threat detection engine. Falco was created by Sysdig in 2016 and is the first runtime security project to join CNCF as an incubation-level project. Falco detects unexpected application behavior and alerts on threats at runtime.

πŸ•° Timeline

00:00 - Holding screen
01:30 - Introductions
05:40 - What is Falco?
12:40 - Linux requirements for Falco
17:30 - Installing Falco
25:40 - Making Falco angry (Breaking a Falco rule)
31:00 - Falco default rules
43:50 - Manually sending Kubernetes events to Falco web-hook receiver
49:00 - Adding Kubernetes Auditing to Falco
1:02:00 - Triggering Falco from Kubernetes (Storing "secret" in a ConfigMap)
1:10:00 - What is Falco Evolution repository?
1:11:30 - Falco pdig (Userspace Falco)
1:16:10 - Question: Is there a GUI?

🌎 Resources

Falco - https://falco.org
Leo Di Donato - https://twitter.com/leodido
Lorenzo Fontana - https://twitter.com/fntlnz
Falco Evolution - https://github.com/falcosecurity/evolution

Related Videos

Kubernetes Disaster Recovery
19:17

Kubernetes Disaster Recovery

[object Object][object Object]
Flatcar Linux: A Modern OS for the Always-On Infrastructure
51:20

Flatcar Linux: A Modern OS for the Always-On Infrastructure

Platform Engineering: Asking "Why"? with Evelyn Osman
43:56

Platform Engineering: Asking "Why"? with Evelyn Osman

β€ŠToday we had some long conversations about Arc Bash and the future of scripting as well as platforms and the rise and fall of Kubernetes.

Hands-on with Headlamp: The Kubernetes UI
59:07

Hands-on with Headlamp: The Kubernetes UI

Join us as we explore Headlamp β€” an extensible, user-friendly Kubernetes UI. We’ll walk through installing, configuring, customizing, and using it in real time.