Overview
Discover how to enhance application security using Falco and eBPF in this conference talk from Conf42 Observability 2023. Explore runtime security concepts, syscalls, and the fundamentals of Falco and eBPF. Learn about Falco's architecture, including the libscap and libsinsp libraries, the rule engine, and the default ruleset. Understand how to connect Falco to other systems using Falcosidekick and react to events. Dive into the evolution of Falco plugins and watch a live demo. Gain insights on getting started with Falco and contributing to the project. Access additional resources, including the Falco documentation, GitHub repositories, and community channels for further learning and engagement.
Syllabus
intro
preface
who is thomas
runtime security?
syscalls
falco what's that?
ebpf...
...the hooks
...the verification
falco's architecture
libscap aka library for system capture
libsinsp aka library for system inspection
falco: the rule engine
falco: the default ruleset
connect falco: falcosidekick
react to events
falcosidekick ui
the evolution: the plugins
falco's current architecture
demo
getting started
how to contribute
Taught by
Conf42