-
**Motivation**
With the introduction of the new Falco plugin system and the new 2.X Helm charts, it's not always really required to run the Falco pod as root. Nevertheless, Falco still does this wh…
-
Based on a discussion between @Andreagit97 @darryk10 and myself a few ideas shared by Andrea to improve bpf syscall based alerting in falco rules:
- [ ] add the possibility to check the return valu…
-
**Motivation**
One of the falco default stable rule is Detecting communication attempt from a container to the K8s api server, it would be great if event-generator supported this rule as well
**…
-
### Preflight Checklist
- [X] I agree to follow the [Code of Conduct](https://github.com/deckhouse/deckhouse/blob/main/CODE_OF_CONDUCT.md) that this project adheres to.
- [X] I have searched the [iss…
-
**Motivation**
This would improve the default security out of the box for helm chart users. If the containers currently support it, there isn't much downside to improving the default security.
It …
jemag updated
1 month ago
-
**Describe the bug**
Hi!
I'm using Falco to monitor some specific syscalls of Kubernetes pods on a GKE cluster.
It seemed to work well at first, but I've noticed that some events had incomplete…
-
**Motivation**
We are missing logs for what a user is performing in a container. We have alerts if one does "dangerous" commands like `nc` but I want to use falco to generate a history of logs for …
-
**Motivation**
As of now the plugin reads the given filepath (file or files in directory), parses it to create the alerts and stops there.
To have this more aligned with the functionality of Falc…
-
```
21:04:17.936567615: Warning (evt_type=page_fault name= pid=-1 tid=32024 user_loginuid=-1 process= proc_exepath= parent= command= terminal=0 exe_flags=)
21:04:17.936566121: Warning (evt_type=pp…
-
In January 2022, Falco introduced its first version of a Plugin framework to extend its available inputs. The framework has been enhanced in the following months to have something production ready for…
Issif updated
3 weeks ago