Falco is an anomaly detection engine for cloud native
Questions tagged [falco]
32 questions
0 votes, 0 answers
Falco Installation failure due to GPG key
I am trying to install Falco on an OCI instance but it is failing with the following error:
Following this blog:…

Lizzie
0 votes, 1 answer
Falco pod initcontainer is not working. curl: (22) The requested URL returned error: 404
I am trying to install falco on my kubernetes cluster with the helm chart. I am deploying as a DaemonSet and using eBPF but getting an error on my init containers. What should I do?
This is my values yaml

Pablo
0 votes, 1 answer
How to catch an output of a process or a command
I'm trying to write a rule where the condition depends on the output of a script.sh. I tried several approaches, but I did not have success.
I searched in your documentation but didn't find anything that helped me. I tried several evt or proc, but…
0 votes, 1 answer
Falco - Readiness probe failed: Get "http://10.62.94.129:8765/healthz": dial tcp 10.62.94.129:8765: connect: connection refused
I have a falco image that is crashing because the readiness probe failed
I have this set
Liveness: http-get http://:8765/healthz delay=60s timeout=5s period=15s #success=1 #failure=3
Readiness: http-get http://:8765/healthz delay=30s…

jlamenza
0 votes, 0 answers
Falco not writing to logs about a file being edited
I have deployed falco as a sidecar to my workload in EKS/Fargate. Falco is able to execute the script that is defined in the image but is not able to monitor the workload container at runtime, meaning if I create a file at a location defined in the rules…

Suresh
0 votes, 0 answers
Falco jq and curl packages not found problem
I tried to deploy Falco via Helm.
And I set program_output for sending messages to a Slack channel, but the problem is that the falco image doesn't have the curl and jq packages.
How can I fix this problem?
My program output block:
program: |
jq 'if…

Siyah
0 votes, 1 answer
falco docker containers monitoring
Can any one of you please tell me where I can find the way to monitor docker images with falco? Now I'm using Ubuntu for testing purposes, but in the end I want to use it in AWS Fargate environment.
Thanks
Help on this from the community
0 votes, 1 answer
Falco: couldn't get in datasource k8s-audit in Falcosidekick UI after deploy falco with k8saudit plugin
my test environment:
kubernetes: 1.20.15
falco: 0.32.1
falco helm chart: falco-2.0.17
my deployment process.
deploy falco with helm, with k8saudit plugin
$helm repo add falcosecurity https://falcosecurity.github.io/charts
$helm install falco…

lizi
0 votes, 1 answer
Falco pod is not working init:ImagePullBackOff
I'm using helm chart of falco and here are the commands
helm repo add falcosecurity https://falcosecurity.github.io/charts
helm repo update
helm install falco falcosecurity/falco
Here's the output
NAME READY STATUS …
0 votes, 1 answer
Falco node info
How do we get the node information from the falco threat events response? According to the currently supported fields for conditions, we do not get any information regarding the node name as such.
https://falco.org/docs/rules/supported-fields/

Ajinkya16
0 votes, 2 answers
Falco deployment in namespace
How do we deploy falco in a different namespace, as it is deployed in the default namespace? How do we specify which namespace to install the falco charts in?

Ajinkya16
0 votes, 1 answer
Enabling audit rules in falco
I had installed falco using helm in my minikube cluster (v1.22.0 kubernetes v1.17.17). Falco is working well and showing logs for the default rules in falco-rules.yaml, but when it comes to k8s audit rules, it doesn't show any logs even on…

Sathya
0 votes, 1 answer
no matches for kind "Config" in version "v1"
I tried to run a config file to set Falco as my backend webhook. I am getting this error on trying to run my config file:
revaa@revaa-Lenovo-E41-25:~/opa$ kubectl apply -f conflc.yaml
error: unable to recognize "conflc.yaml": no matches for kind…

Sathya Narayanan
0 votes, 0 answers
Volume mount on SCC as requirement for running Falco
Is it possible to run falco while removing several volume values on the SCC? For example, just putting hostpath only as the value on the falco SCC, because on the environment (OCP & k8s) it is only permitted to access hostpath.
As I see, the value on SCC falco…

Indra
0 votes, 2 answers
Falco output formation
I am using the runtime detection tool Falco to analyse the container behavior for at least 40 seconds, using filters that detect newly spawning and executing processes, and store the incident file at /opt/falco-incident.txt containing the detected…

O.Man