Introduction to Falco
Meet the Cast
HOST
David Flanagan
@rawkode
Falco, the open-source cloud-native runtime security project, is the de facto Kubernetes threat detection engine. Falco was created by Sysdig in 2016 and is the first runtime security project to join CNCF as an incubation-level project. Falco detects unexpected application behavior and alerts on threats at runtime.
Timeline
00:00 - Holding screen
01:30 - Introductions
05:40 - What is Falco?
12:40 - Linux requirements for Falco
17:30 - Installing Falco
25:40 - Making Falco angry (Breaking a Falco rule)
31:00 - Falco default rules
43:50 - Manually sending Kubernetes events to Falco web-hook receiver
49:00 - Adding Kubernetes Auditing to Falco
1:02:00 - Triggering Falco from Kubernetes (Storing "secret" in a ConfigMap)
1:10:00 - What is Falco Evolution repository?
1:11:30 - Falco pdig (Userspace Falco)
1:16:10 - Question: Is there a GUI?
Resources
Falco - https://falco.org
Leo Di Donato - https://twitter.com/leodido
Lorenzo Fontana - https://twitter.com/fntlnz
Falco Evolution - https://github.com/falcosecurity/evolution