Announcing Falco 0.2.0
Today we released version 0.2.0 of Falco. Falco is our new, open source, behavioral security monitoring agent. The major change in this release was a fairly big rework of the ruleset, adding/changing conditions for many rules to improve detection and reduce false positives. We also added a suite of regression tests to ensure stability for future releases.
This ruleset also takes advantage of some new capabilities added to sysdig 0.10.0, specifically session id tracking and the proc.sname filter, to provide a scope for installation-related policies. We’ll be discussing these features in more detail in an upcoming blog post.
For the full set of changes in this release, you can always look at the changelog at github.
Finally, if you want the complete story on Falco, head over to the website and read all about it.
Let us know if you have any issues, and enjoy!
Btw, we are running a webinar discussing the challenges of troubleshooting issues and errors in Docker containers and Kubernetes, like pods in CrashLoopBackOff, join this session and learn:
- How to gain visibility into Docker containers with Sysdig open source and Sysdig Inspect.
- Demo: troubleshoot a 502 Bad Gateway error on containerized app with HAproxy.
- Demo: troubleshoot a web application that mysteriously dies after some time.
- Demo: Nginx Kubernetes pod goes into CrashLoopBackOff, what's you can do? Will show you how to find the error without SSHin into production servers.
Start Your Free Trial Today