Announcing Falco 0.3.0
- Reordering a rule condition’s operators to put likely-to-fail operators at the beginning and expensive operators at the end. This allows rules to shortcut early when they don’t match.
- Adding the ability to perform x in (a, b, c, ...) as a single set membership test instead of individual comparisons between x=a, x=b, etc.
- Avoid unnecessary string manipulations.
- Using startswith as a string comparison operator when possible.
- Use is_open_read/is_open_write when possible instead of searching through open flags.
- Group rules by event type, which allows for an initial filter using event type before going through each rule’s condition.
- Phoronix‘s pts/apache and pts/dbench tests.
- Sysdig Cloud Kubernetes Demo: Starts a kubernetes environment using docker with apache and wordpress instances + synthetic workloads.
- Juttle-engine examples: Several elasticsearch, node.js, logstash, mysql, postgres, influxdb instances run under docker-compose.
|Workload||0.2.0 CPU Usage||0.3.0 CPU Usage|
|Kubernetes-Demo (During Teardown)||15%||3%|
- Add a new output type "program" that writes a formatted event to a configurable program. Each notification results in one invocation of the program. A common use of this output type would be to send an email for every falco notification.
- Add the ability to run falco on all events, including events that are flagged with EF_DROP_FALCO. EF_DROP_FALCO events are high-volume, low-value events that are ignored by default to improve performance.
The release is available via the usual channels–rpm/debian packages, docker hub, github.
Finally, if you want the complete story on Falco, head over to the website and read all about it.
Let us know if you have any issues, and enjoy!
On this session Sysdig and Anchore are presenting how using Falco and Anchore Engine you can build a complete open source container security stack for Docker and Kubernetes.
This online session will live demo:
- Using Falco, NATS and Kubeless to build a Kubernetes response engine and implement real-time attack remediation with security playbooks using FaaS.
- How Anchore Engine can detect software vulnerabilities in your images, and how can be integrated with Jenkins, Kubernetes and Falco.
Start Your Free Trial Today