-
sysdig and falco installed through the project's Debian repository on existing systems running Jessie and Kubernetes 1.4
falco process consumes 2.8 GB of resident memory after running on a cluster …
-
When the falco engine matches an event to a rule, it returns the rule's name, priority, and output string.
Later, in the outputs module, the output string is prefixed with '*' to ensure that if an …
-
I added the rule at the bottom of this message to the rules.yaml file. When I do a curl, I would expect the rule to be hit multiple times. However, I don't see any alert.
---
- rule: system_binaries_…
-
I'm trying to use the pre-defined rule in falco_rules.local.yaml to detect when a user runs sudo inside a container. The rule is:
```
- rule: The program "sudo" is run in a container
desc: An e…
pogao updated
5 years ago
-
I have been trying to install falco as a POC but it keeps erring out. I am using the helm chart deploy it and using the default rules. We have a GKE cluster with a combination of CoreOs and Ubuntu no…
-
**Is this a request for help?**:
No
**Is this a BUG REPORT or FEATURE REQUEST?** (choose one):
Bug Report
**Which chart**:
stable/falco
**What happened**:
Adding a custom rules configmap …
-
@pgray reported high falco cpu usage with the attached falco rules file:
[falco_rules.yaml.zip](https://github.com/draios/falco/files/759148/falco_rules.yaml.zip)
Compared to 0.5.0, a few rules ha…
-
**Browsers and versions affected**
64.0.3282.39 / Macbook, Macbook Air, Lenovo win 7, Asus win 10
**Steps to reproduce**
0. Browse to https://webrtc.github.io/test-pages/src/peer2peer/
1. Click …
-
It's possible to have rules that don't explicitly name an event type, or have conditions that make it difficult to map to a specific set of event types. These rules run for all event types. This compa…
-
Would it be possible for Loris Degioanni and Mark Stemm of Sysdig to present Sysdig's Falco to the TOC on the March 6th, 2018 call? https://sysdig.com/opensource/falco/
In short, Falco leverages Sy…
mfdii updated
6 years ago