-
**Describe the bug**
The output of `sudo falco -L -o "json_output=true"` provide us a JSON description of each loaded rules. A piece of very useful information about this is the list of event t…
-
Dear Falco community,
@mikegcoleman, @n1g3ld0ugla5, and I would like to propose improvements to the "Falco Plugins" and "Event Sources" documentation.
The current structure is the following:
```
…
pmusa updated
6 months ago
-
**Describe the bug**
the eks audit plugin is emitting events for "disallowed k8s user" for system users. There are rules to exclude system users but they are apparently not being honored.
U…
-
Hi there,
First of all, let me say a big thank you for this awesome program! It seems to be working well and I love it!
I think that it would be greatly improved if it calculates a checksum for …
-
**Motivation**
The idea is inspired by [terraform-provider-scaffolding](https://github.com/hashicorp/terraform-provider-scaffolding) project, which makes life easier to create custom providers from…
-
### What happened?
After joining worker node(**Rocky Linux 9.0)** the pods keep getting deleted and recreated with `Pod sandbox changed, it will be killed and re-created.` message
```bash
Norma…
-
**Describe the bug**
After upgrading Falco from `0.36.2` to `0.37.1` and switching driver from `ebpf` to `modern_ebpf`, it causes physical server with higher load to crash.
**How to reproduce it…
-
**Describe the bug / how to reproduce**
1. go to https://falcosecurity.github.io/falco-playground/
2. select "run with scap" from the dropdown and click on a scap file
3. the terminal reports "…
-
Here are some notes I made while working on the Falco Plugin Rust SDK. Please note that they're *not* blockers for the Rust SDK itself (everything here has a workaround, better or worse). I hope that …
-
**Describe the bug**
The k8s_audit_rules.yaml missing macro about **rolebinding** in default
**How to reproduce it**
You can find **code line 579 & 587** in https://github.com/falcosecu…