Introduction to Falco
Falco, the open-source cloud-native runtime security project, is the de facto Kubernetes threat detection engine. Falco was created by Sysdig in 2016 and is the first runtime security project to join CNCF as an incubation-level project. Falco detects unexpected application behavior and alerts on threats at runtime.
Timeline
00:00 - Holding screen
01:30 - Introductions
05:40 - What is Falco?
12:40 - Linux requirements for Falco
17:30 - Installing Falco
25:40 - Making Falco angry (Breaking a Falco rule)
31:00 - Falco default rules
43:50 - Manually sending Kubernetes events to Falco web-hook receiver
49:00 - Adding Kubernetes Auditing to Falco
1:02:00 - Triggering Falco from Kubernetes (Storing "secret" in a ConfigMap)
1:10:00 - What is Falco Evolution repository?
1:11:30 - Falco pdig (Userspace Falco)
1:16:10 - Question: Is there a GUI?
Resources
Falco - https://falco.org
Leo Di Donato - https://twitter.com/leodido
Lorenzo Fontana - https://twitter.com/fntlnz
Falco Evolution - https://github.com/falcosecurity/evolution