awesome-falco

A curated list of Falco related tools, frameworks and articles

Contents

• 💼 Official Projects
  • 📂 Repositories
  • 🗒️ Docs
  • 📰 Blogs
• 🐾 Community Repositories
• 🗃️ Blogs and Articles
• 📹 Videos
• 📑 Slides
• 🎤 Podcasts
• 🧪 Interactive Learning
• 🧰 IDE and Editor Integrations
• 📡 Support and Community
  • 💊 Develop and Contribute
  • 📆 Learn and Connect

Official projects

Repositories

• Falco - Cloud Native Runtime Security
• Falco Libs - libsinsp, libscap, the kernel module driver, and the eBPF driver sources
• Falcosidekick - A simple daemon to help you with falco's outputs
• Falcosidekick UI - A simple WebUI with latest events from Falco
• falcoctl - Administrative tooling for Falco.
• Falcosecurity Evolution - Evolution process of The Falco Project
• Falco Event Generator - Generate a variety of suspect actions that are detected by Falco rulesets

Docs

• Falco - Official Falco documentation

Blogs

• Falco - Official blog for the Falco project
• Sysdig Blog - Explore Sysdig resources for whitepapers, videos, webinars, case studies, and more. Embed security, compliance and monitoring into DevOps workflows.

Community Repositories

• Extending Falco outputs with Falcosidekick by developer-guy
• Falco workshop by vicenteherrera
• Container Runtime Security with Falco by developer-guy
• falco-filebeat-daemonset by Popsiclestick - Easily deployable daemonset which moves logs from falco with filebeat
• Falco Diagrams: Visually learn Falco and its eBPF probe

Blogs and Articles

• Using Falco to monitor outbound traffic for Pods in Kubernetes
• Installing and using sysdig falco by Spencer Krum
• Falco Container Native Security by cloudpirate
• Kubernetes Security monitoring at scale with Sysdig Falco by Skyscanner Engineering
• Container Host Security Demo - Falco for GitLab 13.2 by GitLab Unfiltered
• Kubernetes Security With Falco by Gaurav Agarwal
• Hunting for Malware with Falco by dlorenc
• Container runtime security in Kubernetes with Falco by gatesch
• Getting Started with Falco Runtime Security and Cloud Native Distributed SQL on Google Kubernetes Engine by yugabyte
• Integrating Falco and Your CI/CD Pipeline by ravilach
• Deploying Falco to Kubernetes by glentomkowiak
• Play by Play Security with Sysdig and Falco by avinash_vjti
• What is Falco, and how it work with Kubernetes by jihadbenabra
• Security Sprint: Falco by terceranexus6
• Runtime Security with Falco by Pawan Shankar
• Implementing Runtime Security in Amazon EKS using CNCF Falco by Anand Krishna
• Security with Falco by Radhika Rajesh
• Falco is the First Runtime Security Project to be Accepted into CNCF Incubator by Matt Campbell
• An Introduction to Kubernetes Security using Falco by Frederick Fernando
• Kubernetes Audit Log Falco by Pawan Shankar
• K3s Sysdig Falco by Dan Papandrea
• Falco Security and Monitoring on RKE Bare Metal Cluster with Rancher by Frank Jogeleit
• Falco at the edge arm64 by Alex Ellis
• Analyze AWS EKS Audit logs with Falco by Ismail Yenigul
• Sysdig contributes Falco's kernel module, eBPF probe, and libraries to the CNCF by Loris Degioanni
• Contribution of the drivers and the libraries By Leonardo Di Donato, Leonardo Grasso
• Runtime security in Azure Kubernetes Service by Eric Carter
• A story about touching Falco by RyuSA
• AWS S3 security with CloudTrail and Falco By Alba Ferri
• Detecting MITRE ATT&CK: Privilege escalation with Falco By Stefano Chierici
• Exploiting and detecting CVE-2021-25735: Kubernetes validating admission webhook bypass By Stefano Chierici
• Pick-up Container Security Project Falco

Videos

• Container Runtime Security with Falco by Kubernetes Meetup Tokyo
• Sysdig Falco - Open Source Docker Security - WTF my container just spawned a shell by Sysdig
• Intro to Falco: Intrusion Detection for Containers - Shane Lawrence, Shopify by Shane Lawrence
• Webinar: Getting started with container runtime security using Falco by Loris Degioanni
• Kubernetes Master Class - 2020-04-20 - Detecting Anomalous Kubernetes Activity with Falco by Rancher Labs
• Unveil hidden malicious processes with Falco in cloud-native environments by Kaizhe Huang

Slides

• Kubernetes Runtime Security with Falco and Sysdig by Jorge Salamero
• Getting Started with Runtime Security using Falco by Loris Degioanni

Podcasts

• Falco by Thomas Labarussias
• Kubelist Podcast on Falco with @danpopsd

Interactive Learning

• Container Runtime Security with Falco by falco
• Sysdig Falco: Container security monitoring by mateobur
• Blocking security threats with Falco Response Engine by Falco

IDE and Editor Integrations

• VS Code plugin - Falco Rules helpers for VSCode

Support and Community

Develop and Contribute

• Slack - Chat with other project developers
• Developer mailing list - Discuss development issues around the project
• Contributor of the Month - View the contributors of the month

Learn and Connect

• Twitter - Follow us on Twitter to get the latest news!
• User mailing list - Discussion and help from your fellow users
• StackOverflow - Practical questions and curated answers
• Calendar - Subscribe to the Falco calendar, through this ics feed