[Project Idea] Upgrading event-generator and automating Falco performance testing

[jasondellaluce]

Description

Falco is a real-time security tool designed to detect abnormal behaviours and security-related runtime events in Linux systems and the cloud. The event-generator is an utility within the Falco ecosystem that helps testing Falco’s detection capabilities. The tool also has benchmark capabilities that represent a building block of the Falco performance testing practices. However, the project received less attention than required in the past few years and would require some care and renovation. This Google Summer of Code project proposes upgrading the event-generator to improve its testing and benchmarking capabilities, its reliability, and its consistency, and developing new Continuous Integration pipelines based on it. The end goal is to evolve the event-generator and make it the standard tool for systematically assessing the correctness and performance of Falco’s threat detection capabilities at every release and development cycle

Expected outcome

The project will result in an extended version of the event-generator tool that reliably generates a consistent number of events per second and stresses the most common detection scenarios of Falco. This enhanced utility will be integrated into Falco’s Continuous Integration (CI) pipeline, allowing for efficient systematic monitoring of performance regressions while ensuring alignment with past benchmarking results. Eventually, this could originate new performance optimizations in Falco itself. A stretch goal for the mentee would be to become an official maintainer of the event-generator project and/or of other repositories of the Falco ecosystem

Recommended Skills

Go programming language, familiarity with continuous integration, understanding of performance benchmarking concepts

cc @alacuku

[jasondellaluce]

This has been proposed to the CNCF org for the Google Summer of Code 2024 in https://github.com/cncf/mentoring/pull/1169

[octonawish-akcodes]

Hi @jasondellaluce I am interested in this issue, can you provide some resources to better understand the issue?

[alacuku]

Hey @octonawish-akcodes, I would suggest having a look to these docs: https://github.com/falcosecurity/event-generator#benchmark and more in general to Falco and event-generator.

[leogr]

As the creator of the event-generator, I'm just more than happy to see this. :star_struck: I will be happy to share my knowledge and help.

[vax-r]

Hello @jasondellaluce , @leogr . I am looking forward to become a GSoC student in this project !

[h4l0gen]

Hey @jasondellaluce , @leogr, @alacuku, It's great that Falco participating in the upcoming GSoC event. I am looking forward to making more contributions to Falco with this opportunity 😀❤️

[Ayush9026]

Hi @jasondellaluce sir i am also interested in this project for GSoC 2024.

[Ayush9026]

Hi @jasondellaluce sir i am also interested in this project for GSoC 2024.

[jasondellaluce]

Hi everyone! Love to see good interest in the project! Please make sure to follow the GSoC application process, we're looking forward to seeing this project succeed!

[praveen-rikhari]

Hello @leogr @jasondellaluce @alacuku I hope this message finds you well. My name is Parveen Rikhari, and I've recently come across the Falco Event Generator project on GitHub. I'm keen on contributing to this project and have been considering it for my GSoC 2024 proposal.It would be incredibly beneficial if you could provide guidance on the event generator project, as it will enable me to learn, contribute, and enhance my proposal.

Thank you

[leogr]

Hey folks, I'm very happy to see all this interest in the event generator. By the way, I'm receiving a lot of private requests asking for guidance on the event generator. I would recommend you all open an issue on the project repository and ask your questions. In this way, we will share the knowledge easily and quickly.

:pray:

[GLVSKiriti]

Hello @jasondellaluce, @alacuku and @leogr,

I hope this message finds you well. As we delve deeper into our GSoC project, I would greatly appreciate it if we could discuss in more detail about the specific tasks we'll be tackling beyond the integration of the event-generator into the Falco CI pipeline

Like what exactly "upgrading the event-generator" means, only adding wide range of events(That triggers default falco rules)? Or is there anything more to tackle?

If you can share anything more about this project idea it would be more helpful for us 😀❤️

[poiana]

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

[alacuku]

/remove-lifecycle stale