Introduction to Falco
Falco, the open-source cloud-native runtime security project, is the de facto Kubernetes threat detection engine. Falco was created by Sysdig in 2016 and is the first runtime security project to join CNCF as an incubation-level project. Falco detects unexpected application behavior and alerts on threats at runtime.

Timeline
00:00 - Holding screen
01:30 - Introductions
05:40 - What is Falco?
12:40 - Linux requirements for Falco
17:30 - Installing Falco
25:40 - Making Falco angry (Breaking a Falco rule)
31:00 - Falco default rules
43:50 - Manually sending Kubernetes events to Falco web-hook receiver
49:00 - Adding Kubernetes Auditing to Falco
1:02:00 - Triggering Falco from Kubernetes (Storing "secret" in a ConfigMap)
1:10:00 - What is Falco Evolution repository?
1:11:30 - Falco pdig (Userspace Falco)
1:16:10 - Question: Is there a GUI?

Resources
Falco - https://falco.org
Leo Di Donato - https://twitter.com/leodido
Lorenzo Fontana - https://twitter.com/fntlnz
Falco Evolution - https://github.com/falcosecurity/evolution