Posts in 2022
Analyze Okta Log Events with a Falco Plugin
Friday, March 25, 2022 By Thomas Labarussias
In March 2022, the cybercriminal group LAPSUS$ claimed to have breached Okta, the Identity Platform, only two months earlier, leaving their customers with the uncertainty of having been exposed as well. After a thorough investigation undertaken by …
Falco 0.31.1
Friday, March 11, 2022 By Luca Guerra
Today we announce the release of Falco 0.31.1 🦅! Novelties 🆕 Let's review some of the highlights of the new release. New features This release allows you to use multiple --cri command-line options (#1893) to specify multiple CRI socket paths. Note …
Extend Falco inputs by creating a Plugin: Register the plugin
Wednesday, March 02, 2022 By Thomas Labarussias
This post is part of a series of articles about How to develop Falco plugins. It's addressed to anybody who would like to understand how plugins are written and wants to contribute. See other articles: Extend Falco inputs by creating a Plugin: the …
Extend Falco inputs by creating a Plugin: the basics
Tuesday, February 15, 2022 By Thomas Labarussias
This post is part of a series of articles about How to develop Falco plugins. It's addressed to anybody who would like to understand how plugins are written and wants to contribute. See other articles: Extend Falco inputs by creating a Plugin: …
Announcing Plugins and Cloud Security with Falco
Wednesday, February 09, 2022 By Loris Degioanni
The just released Falco v0.31.0 is the result of several months of hard work and includes many exciting new features. One of them, however, is particularly strategic for Falco as a project: the general availability of the plugins framework. I would …
Falco 0.31.0 a.k.a. "the Gyrfalcon"
Monday, January 31, 2022 By Jason Dellaluce, Leonardo Grasso
Today we announce the release of Falco 0.31.0, a.k.a. the Gyrfalcon 🦅! Gyrfalcons are the largest of the falcon species, just like this version of Falco has the biggest changelog ever released. To give you some metrics, since the last release, the …
Monitoring new syscalls with Falco
Monday, January 17, 2022 By Jason Dellaluce, Federico Di Pierro
Falco is currently the de facto standard for runtime threat detection in Kubernetes environments. The project is growing at a very fast pace, and so is its open source community. The role of Falco is to collect all the system events of a cluster and …
Posts in 2021
Security Analytics with SysFlow
Tuesday, December 21, 2021 By Frederico Araujo & Teryl Taylor, IBM Research
Hello, fellow Falcoers! This blog introduces you to a new open system telemetry format and project called SysFlow. The project has deep ties to Falco, the de facto CNCF cloud-native runtime security project. Falco is exceptional at detecting …
Package Hunter: Detect software supply chain attacks using Falco
Thursday, December 09, 2021 By Nate Magee, Vicente J. Jiménez Miras
GitLab covers the entire software development lifecycle in a single application: From managing, coding, deploying and securing, without forgetting collaboration. However, achieving velocity with confidence, security without sacrifice, and visibility …
Falco Plugins Early Access
Tuesday, October 12, 2021 By Mark Stemm
One of the upcoming features in Falco that we're really excited about is the ability to extend Falco's functionality by using plugins. We'll be demoing this capability during Kubecon North America 2021. Specifically, we'll be showing the support for …