Marketplace

Falco Security

Updated September 24, 2024

The Falco Project is intended to secure the operation of Linux-based operating systems.

The Falco application:

  • Parses Linux kernel system calls at runtime.
  • Analyzes signals using a configurable set of rules.
  • Sends an alert if the rules are violated.

To use Falco, install Kyverno & Kyverno Policies or another product that supports writing results to wg-policy-prototypes.

Deployment instructions
  1. To install Falcosidekick and send monitoring events via the Policy Adapter to the data collection module used for Kyverno policy results:

    1. Install kubectl and configure it to work with your cluster.

    2. Create a node group for Falco.

    3. Install Kyverno & Kyverno Policies or the following CRDs:

      kubectl create -f https://github.com/kubernetes-sigs/wg-policy-prototypes/raw/master/policy-report/crd/v1alpha2/wgpolicyk8s.io_clusterpolicyreports.yaml && \
      kubectl create -f https://github.com/kubernetes-sigs/wg-policy-prototypes/raw/master/policy-report/crd/v1alpha2/wgpolicyk8s.io_policyreports.yaml
      
  2. Configure the application:

    • Namespace: Select a namespace or create a new one.
    • Application name: Enter a name for the application.
  3. Click Install.

  4. Wait for the application to change its status to Deployed.

Billing type
Free
Type
Kubernetes® Application
Category
Security
Publisher
Yandex Cloud
Use cases

Tracking potential threats in a Kubernetes cluster:

  • Abusing container privileges and namespaces.
  • Read and write operations of system directories (/etc, /usr/bin, and /usr/sbin).
  • Unforeseen network connections.
  • Running scripts (sh, bash, csh, and zsh) and system utilities (ssh, scp, and sftp).
  • Unforeseen changes to the Linux kernel executable modules.
Technical support

Yandex Cloud technical support is available 24/7. The types of requests you can submit and the appropriate response time depend on your pricing plan. You can switch to the paid support plan in the management console. You can learn more about the technical support terms here.

Product composition
Helm chartVersion
Pull-command
Documentation
falco2.2.5Open
Docker imageVersion
Pull-command
falcosecurity/falco-no-driverv0.33.1
falcosecurity/falco-driver-loaderv0.33.1
falcosecurity/falcosidekickv2.26.1
Terms
By using this product you agree to the Yandex Cloud Marketplace Terms of Service
Billing type
Free
Type
Kubernetes® Application
Category
Security
Publisher
Yandex Cloud