-
Disclaimer: We will use the term “k8s user” to refer to the Kubernetes control plane “user” (human or serviceaccount) who makes API calls. This user is different from the traditional Linux users and s…
-
**Describe the bug**
We keep getting alerts that have fields with `NA` and `null` values. Specifically, this causes false positives for the `Non sudo setuid` and `Redirect STDOUT/STDIN to N…
-
**Describe the bug**
While no system and mechanism is perfect, re-audit container engines for empty container info values (Initial focus on CRI for Kubernetes).
The motivation is to get to t…
-
## User Story
In order to meet SI-3, data.gov security wants all Falco logs to be collected in CloudWatch.
## Acceptance Criteria
[ACs should be clearly demoable/verifiable whenever possible.…
-
When I build the `/usr/share/falco/plugins/libdocker.so`, and I use the command `falco -c /etc/falco/falco.yaml -r /etc/falco/rules.yaml` to trigger falco, the system breaks down with:
Sat Jan 7 09:17:17…
-
**Describe the bug**
When using the Dynatrace output I discovered in the logs of falcosidekick that it tries to check the certificate even if this option is disabled.
Here is an output on the l…
-
**Motivation**
I think we need an issue to track all the missing syscalls that can have a security value for `Falco`. I detected these ones right now:
- [x] `fsconfig` https://github.com/falcos…
-
Hello,
I have created an issue for an integration with Falco for ECS recently, facing a similar issue with integration of Falco with AWS FireLens for EKS.
The K8s config files for Firelens locate…
-
http_output must have compression, batching and keep_alive options.
This is relevant in HighLoad installations and without a falcosidekick in each k8s cluster.
-
**Motivation**
Share early feedback and improvement suggestion for the new `driver-loader` leading up to the Falco 0.37.0 release.