falcosecurity / falco-website

Source code of the official Falco website
https://falco.org
Creative Commons Attribution 4.0 International

Clarify selecting more events #1238

Open cccsss01 opened 8 months ago

cccsss01 commented 8 months ago

/area documentation

What would you like to be added: https://falco.org/docs/reference/rules/supported-events/#syscall-events

Note that, for performance reasons, by default Falco will only consider a subset of them indicated in the table below with "yes". However, it's possible to make Falco consider all events by using the -A command line switch.

For example: falco --modern-bpf -A

It would be great if there was a way to specifically select additional syscalls in the document.

Why is this needed: clarity.

incertum commented 8 months ago

Have you explored the base_syscalls option in falco.yaml?

We are also working on adding a bunch of new debugging guides and rewriting most of the install guides.

Wanna get more closely involved?

cccsss01 commented 8 months ago

I'm already time slotted during the community call. I've joined a few when I was free. I was not familiar with base calls, which looks great. Maybe a PR to just link something for additional use case see base calls. I don't mind doing the PR aesthetics tho..

incertum commented 8 months ago

Awesome, if you have suggestions where and how to cross-reference this better plz let us know and of course always feel free to open a PR. Was planning to also work on some help guides around performance and such, see https://github.com/falcosecurity/falco-website/issues/1229#issuecomment-1878149234

cccsss01 commented 8 months ago

Any way to add a new link to supported events for "advanced syscalls" then link it to that portion of the helm chart? :O I think that would be nice.

incertum commented 8 months ago

Agreed, for example could link to https://falco.org/blog/adaptive-syscalls-selection/ and also mention to check out the config desc in the falco.yaml file.

Re helm chart @leogr can be your point of contact.

poiana commented 5 months ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

leogr commented 4 months ago

> Any way to add a new link to supported events for "advanced syscalls" then link it to that portion of the helm chart? :O I think that would be nice.

@alacuku wdyt?

cc @LucaGuerra @Issif

poiana commented 3 months ago

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

leogr commented 3 months ago

/remove-lifecycle rotten
/assign @LucaGuerra

poiana commented 3 weeks ago

/lifecycle stale