Falco: The Secret Weapon for Runtime Security
30 likes
1,166 views
Oct 7, 2024
Let's dive deep into Falco, the most popular runtime security agent for your cloud-native applications. You're in the right place if you want to improve your cloud-native security, especially in detecting suspicious activities within your Kubernetes (K8s) runtime. Falco detects suspicious activity through kernel events, from unauthorized process executions to API misuse. We’ll walk through Falco's predefined and customizable rules and how to extend them using FalcoSidekick to send alerts to systems like Slack, Dynatrace, or even trigger workflows with Talon. What you'll learn in this episode:
  • Why runtime security is crucial for K8s environments
  • A breakdown of common suspicious events to monitor in your Kubernetes cluster
  • Introduction to Falco and how it leverages eBPF for real-time threat detection
  • The syntax and structure of Falco rules to tailor your security needs
  • How FalcoSidekick can streamline event reporting and integrate with your observability tools
Topics covered:
  • Falco overview and architecture
  • Detecting malicious container activity (like privilege escalation and traffic sniffing)
  • How to build and customize Falco rules
  • Sending Falco logs to various backends using FalcoSidekick
  • Observing Falco’s health and performance metrics
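As an added illustration of the rule syntax the video covers (this is not code from the video or from the Falco project's default ruleset), here is a custom rule that flags packet-sniffing tools being started inside a container, one of the "traffic sniffing" cases listed above. The list, macro and rule names are my own; the field names (`evt.type`, `proc.name`, `container.id`, and so on) are standard Falco fields, and the file is assumed to be loaded with `falco -r` or dropped into the rules directory.

```yaml
# Added example rule file, not part of the video or Falco's default rules.
# Load it with: falco -r sniffer_rule.yaml  (or place it in /etc/falco/rules.d/)

# A list groups values that conditions reference with "in (...)".
- list: packet_sniffer_binaries
  items: [tcpdump, tshark, dumpcap, ngrep]

# Macros are reusable condition fragments (defined here so the file is self-contained).
- macro: process_spawned
  condition: (evt.type in (execve, execveat) and evt.dir=<)

- macro: in_container
  condition: (container.id != host)

# A rule ties a condition to a human-readable output line and a priority.
# The rule name below is hypothetical; %field tokens are expanded per event.
- rule: Packet Sniffer Launched in Container
  desc: >
    A packet-capture tool was executed inside a container, which can indicate
    an attempt to sniff traffic from the node's network namespace.
  condition: >
    process_spawned and in_container
    and proc.name in (packet_sniffer_binaries)
  output: >
    Packet sniffer started in container
    (user=%user.name command=%proc.cmdline parent=%proc.pname
     container_id=%container.id image=%container.image.repository)
  priority: WARNING
  tags: [container, network]
```

Falco evaluates the condition against each matching kernel event, and the rendered output line (with its priority) is what FalcoSidekick forwards to Slack or another backend.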
🔗 Useful links
GitHub tutorial: https://dt-url.net/up03u2g
Falco: https://falco.org
Falco default rules: https://falco.org/docs/reference/rule...
Falco supported fields: https://falco.org/docs/reference/rule...
Falco Sidekick: https://github.com/falcosecurity/falc...
Dynatrace trial: https://bit.ly/3KxWDvY
Blog: https://isitobservable.io/observabili...

📖 Chapters 📖
-----------------------------
00:00 Introduction to the video
05:22 Overview of Falco and its architecture
08:56 Introduction to the Falco rules
12:38 What is FalcoSidekick and how to use it
15:08 Observing Falco's health and performance
18:40 Conclusion and takeaways
-----------------------------

🔬 Want more about the tools that cloud-native pros use? Check out the full list of my favorites on this YouTube playlist: OpenTelemetry
Check out ALL my observability secrets, tips, and tricks on my blog: https://isitobservable.io/

👉✅ Stay connected with me!
Twitter: /isitobservable
LinkedIn: /isitobservable

IsItObservable is powered by Dynatrace's own developer relations team. Subscribe to get observability reviews, tips and tricks, and tutorials tested by cloud-native experts. I review, test, and share results to help you succeed with platform engineering and observability.


Is it Observable
