Bret and his co-host, Matt, are joined by Jason Dellaluce and Luca Guerra from Sysdig to talk about Falco, a tool I recommend for production clusters and knowing about any bad behavior on your servers.

Falco is a security tool I've mentioned multiple times on this show, because I mostly think that a low level security focused logging product is something that every production server needs. The ability to log unexpected events and behaviors on your Linux host is powerful and necessary to be able to audit what's really happening on your infrastructure outside of your app itself.

Falco has been a CNCF incubating project for over four years, and I was immediately drawn to it in its early days, because it was container and Kubernetes aware and it could log and alert with default rules for everything, from someone starting a shell inside a container, to a bash history file being deleted, to a container trying to talk to the Kubernetes API.

This episode will be useful for those of you new to tools like Falco and for those familiar with its basics, but also wanting to learn about newer features and use cases, which I did some learning on myself in this episode.

Live recording of the complete show from April 6, 2023 is on YouTube (Ep. #210).

★Topics★
Falco website
Falco on CNCF

You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!

Grab the best coupons for my Docker and Kubernetes courses.
Join my cloud native DevOps community on Discord.
Grab some merch at Bret's Loot Box
Homepage bretfisher.com

• (00:00) - Intro