Falco

Falco is a cloud-native security tool designed for Linux systems.
It employs custom rules on kernel events, which are enriched with container and Kubernetes metadata, to provide real-time alerts.

🌐 falco.org (falcosecurity/falco)

📝 falco.org/docs, sysdig.com/opensource/falco

Architecture

Falco architecture diagram

Getting started

Training courses

Presentation

Releases

Version	Date	Links
0.15	May 13th, 2019	sysdig blog

Web resources

Readings

Cloud Infrastructure Entitlements Management (CIEM) with Sysdig Secure - October 27, 2021
Sysdig - Runtime security - November 15, 2021
Using Falco to monitor outbound traffic for Pods in Kubernetes by The Katz Experiments - April 16, 2021
Sysdig - Audit logs - February 9, 2021
CNCF Webinar w/ slides - Getting started with container runtime security using Falco - September 2, 2020
Kubernetes Security monitoring at scale with Sysdig Falco, by Skyscanner Engineering - January 29, 2020
How to detect Kubernetes vulnerability CVE-2019-11246 using Falco - July 9, 2019

Web recordings

CNCF: Detecting Five Famous Exploits With Falco - September 21, 2023
Sysdig: Falco 101 - What is Falco? - September 27, 2022
CNCF: Falco Deep Dive - April 22, 2021
CNCF: Detecting Security Policies Violation Using Falco - A Practical Introduction - December 4, 2020
KubeCon 2020: Intro to Falco - Intrusion Detection for Containers - September 4, 2020
Rancher: Detecting Anomalous Kubernetes Activity with Falco - April 21, 2020
CNCF: Kubernetes Runtime Security with Falco and Sysdig - December 28, 2019

Architecture​

Getting started​

Presentation​

Releases​

Web resources​

Readings​

Web recordings​

Architecture

Getting started

Presentation

Releases

Web resources

Readings

Web recordings