SALT LAKE CITY — Falco was designed to solve a particular problem: how to gain observability of an application at runtime. The runtime observability and security project graduated (https://thenewstack.io/falco-is-a-cncf-graduate-now-what/) from the Cloud Native Computing Foundation (https://cncf.io/?utm_content=inline+mention), six years after it entered the CNCF sandbox. It collects data including pod names, namespaces and other elements of events, and then correlates them with rules.
“We are collecting events on the fly, like a stream. We are trying to be, as much as possible, real time.” The tool uses a kernel module to collect events directly from the kernel, said Luca Guerra (https://github.com/lucaguerra), senior open source engineer at Sysdig.