Giter Site home page Giter Site logo

rajibmitra / falco Goto Github PK

View Code? Open in Web Editor NEW

This project forked from falcosecurity/falco

0.0 1.0 0.0 7.85 MB

Cloud Native Runtime Security

Home Page: https://falco.org

License: Apache License 2.0

Shell 11.76% Lua 10.95% CMake 12.11% C++ 49.69% C 0.74% Python 5.05% R 0.72% Makefile 0.13% Ruby 0.21% Puppet 1.12% HTML 1.15% Dockerfile 6.36%

falco's Introduction

Cloud Native Runtime Security.

The Falco Project

Latest release

v0.19.0 Read the change log

Build Status CII Best Practices Summary GitHub

Falco is a behavioral activity monitor designed to detect anomalous activity in your applications. Falco audits a system at the most fundamental level, the kernel. Falco then enriches this data with other input streams such as container runtime metrics, and Kubernetes metrics. Falco lets you continuously monitor and detect container, application, host, and network activity—all in one place—from one source of data, with one set of rules.

Falco is hosted by the Cloud Native Computing Foundation (CNCF) as a sandbox level project. If you are an organization that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF. For details read the Falco CNCF project proposal.

What kind of behaviors can Falco detect?

Falco can detect and alert on any behavior that involves making Linux system calls. Falco alerts can be triggered by the use of specific system calls, their arguments, and by properties of the calling process. For example, Falco can easily detect incidents including but not limited to:

  • A shell is running inside a container.
  • A container is running in privileged mode, or is mounting a sensitive path, such as /proc, from the host.
  • A server process is spawning a child process of an unexpected type.
  • Unexpected read of a sensitive file, such as /etc/shadow.
  • A non-device file is written to /dev.
  • A standard system binary, such as ls, is making an outbound network connection.

Installing Falco

A comprehensive installation guide for Falco is available in the documentation website.

How do you compare Falco with other security tools?

One of the questions we often get when we talk about Falco is “How does Falco differ from other Linux security tools such as SELinux, AppArmor, Auditd, etc.?”. We wrote a blog post comparing Falco with other tools.

Documentation

See Falco Documentation to quickly get started using Falco.

Join the Community

To get involved with The Falco Project please visit the community repository to find more.

License Terms

Falco is licensed to you under the Apache 2.0 open source license.

Contributing

See the CONTRIBUTING.md.

Security

Security Audit

A third party security audit was performed by Cure53, you can see the full report here.

Reporting security vulnerabilities

Please report security vulnerabilities following the community process documented here.

falco's People

Contributors

mstemm avatar leodido avatar henridf avatar fntlnz avatar kaizhe avatar mfdii avatar nestorsalceda avatar jplachance avatar rung avatar bencer avatar krisnova avatar ret2libc avatar ldegio avatar jcoetzee avatar dkerwin avatar mattpag avatar vrongmeal avatar aarroyoc avatar goller avatar nibalizer avatar bwolmarans avatar toc-me[bot] avatar logansteinberg avatar lorenzo-david avatar daviddetorres avatar zt2 avatar ntimo avatar daixiang0 avatar tao12345666333 avatar carlsverre avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.