Falco
License: Apache 2.0
Falco is an open-source cloud-native runtime security tool for Kubernetes. We use Falco to monitor and secure our Kubernetes environments, leveraging its ability to inspect system calls made by the containers and pods in our clusters. Based on a set of rules that we define, Falco will alert on any malicious or unexpected behavior.
Additionally, we use Falco Sidekick and Falco Sidekick-UI to forward events to other tools in our ecosystem, and present a web interface to quickly view the latest Falco events.
Links
- Code
- Documentation
  - Getting Started: https://falco.org/docs/getting-started
  - Deployment Guides: https://falco.org/docs/deployment
  - Configuration: https://falco.org/docs/configuration
  - Rules: https://falco.org/docs/rules
- Implementation
Dashboards
| Cluster | Dashboard | Cluster | Dashboard |
| --- | --- | --- | --- |
| aws-dvlp | falco.dvlp.aws.itcp.cloud.vt.edu | op-dvlp | falco.dvlp.op.itcp.cloud.vt.edu |
| aws-pprd | falco.pprd.aws.itcp.cloud.vt.edu | op-pprd | falco.pprd.op.itcp.cloud.vt.edu |
| aws-prod | falco.prod.aws.itcp.cloud.vt.edu | op-prod | falco.prod.op.itcp.cloud.vt.edu |
Update Concerns
Falco is still in beta. Before upgrading to v1, make sure to check the online documentation for an upgrade guide.