Falco is the de facto Runtime Security agent for Kubernetes environments, by capturing syscalls it can see everything at Kernel level. With its’ new Plugin system, you can now apply the logic of rules to any event stream you need.
This session is for you if you want to learn:
What are Plugins for Falco and what kind of events can we use as input?
How to develop a Plugin
How to write Falco rules for events from a Plugin