Stop wasting time: Use Falco Plugins to extend detection with any event stream | Alba Ferri

Published: 01 December 2022
on channel: Kubernetes Community Days UK

Falco is a CNCF open source container security tool designed to detect anomalous activity on your local machine, in containers, and in K8s clusters. It taps into Linux kernel system calls and K8s audit logs to generate an event stream of all system activity. Thanks to its powerful and flexible rules language, Falco generates security events when it finds malicious behaviors. The recent major Falco update introduced support for Falco plugins. This new approach allows users to create and integrate different types of Falco plugins, extending the Falco detection engine with new event sources and generating security events from them using Falco rules. The event sources that can be integrated into Falco are infinite! Join us to learn more about the Falco plugins approach and how you can use it in real breaches.