Announcing Falco 0.2.0

By on June 10, 2016

Today we released version 0.2.0 of Falco. Falco is our new, open source, behavioral security monitoring agent. The major change in this release was a fairly big rework of the ruleset, adding/changing conditions for many rules to improve detection and reduce false positives. We also added a suite of regression tests to ensure stability for future releases.

This ruleset also takes advantage of some new capabilities added to sysdig 0.10.0, specifically session id tracking and the proc.sname filter, to provide a scope for installation-related policies. We’ll be discussing these features in more detail in an upcoming blog post.

For the full set of changes in this release, you can always look at the changelog at github.

The release is available via the usual channels–rpm/debian packages, docker hub, github.

Finally, if you want the complete story on Falco, head over to the website and read all about it.

Let us know if you have any issues, and enjoy!




Eager to learn more? Check out our online session: Building an Open Source Container Security Stack

On this session Sysdig and Anchore are presenting how using Falco and Anchore Engine you can build a complete open source container security stack for Docker and Kubernetes.

This online session will live demo:

  • Using Falco, NATS and Kubeless to build a Kubernetes response engine and implement real-time attack remediation with security playbooks using FaaS.
  • How Anchore Engine can detect software vulnerabilities in your images, and how can be integrated with Jenkins, Kubernetes and Falco.


Stay up to date!

Get new articles from this blog (weekly)
Or container ecosystem updates (monthly)

Thanks so much for signing up!
Please check your inbox for a confirmation email.