Blog
Do you have something to share? Contribute to Falco blog!
Extend Falco inputs by creating a Plugin: Distribute the plugin
This post is is part of a series of articles about How to develop Falco plugins. It's addressed to anybody who would like to understand how plugins are written and want to contribute. See other articles: Extend Falco inputs by creating a …
Modern eBPF probe is ready to shine
Introducing the brand-new eBPF probe: a game-changing addition to Falco's toolkit. Curious to learn more? Dive into our first blog post where we spill the beans on its exciting features, what you need to get started, and real-world use …
Falco 0.35.0
Dear Community, today we are delighted to announce the release of Falco 0.35.0! A big thank you to all our contributors for helping get the latest release out, we are thrilled to share this release and its goodies with the community. To …
Monitoring your EKS clusters audit logs
This blog post is an update of a post of November 2022 At the beginning of the year 2022, Falco introduced a game changing feature, the Falco Plugins. They allow Falco to monitor and trigger alerts for any kind of event. Since the launch …
Add prebuilt drivers for new distro
Hi everyone! Today we are going to learn how to add support for a new distro prebuilt drivers. There are multiple repositories involved with it, and while most of the time it should be a pretty simple job, other times it can become really …
Forward Falco events to AWS Security Lake
Last November at re:Invent (2022) AWS introduced the new security oriented data lake: Amazon Security Lake. The AWS team leading the development of the new service contacted the Falco community and proposed a collaboration to develop the …
Falcoctl: install and manage your rules and plugins
Since the launch of the plugin framework in January 2022, our adopters have requested an out-of-the-box solution to manage the lifecycle of rules (installation, updates). We heard your request and also created a guide to help you smoothly …
