Announcing Falco 0.2.0

Today we released version 0.2.0 of Falco. Falco is our new, open source, behavioral security monitoring agent. The major change in this release was a fairly big rework of the ruleset, adding/changing conditions for many rules to improve detection and reduce false positives. We also added a suite of regression tests to ensure stability for future releases.

This ruleset also takes advantage of some new capabilities added to sysdig 0.10.0, specifically session id tracking and the proc.sname filter, to provide a scope for installation-related policies. We’ll be discussing these features in more detail in an upcoming blog post.

For the full set of changes in this release, see the changelog on GitHub.

The release is available via the usual channels: RPM/Debian packages, Docker Hub, and GitHub.

Finally, if you want the complete story on Falco, head over to the website and read all about it.

Let us know if you have any issues, and enjoy!
