These days we have been working on a Helm Chart for Sysdig Falco, and a few days ago it was released. Sysdig Falco is an open source container security monitor designed to detect anomalous activity in your containers. Sysdig Falco taps into your host’s (or Node’s, in the case of Kubernetes) system calls to generate an event stream of all system activity. Falco’s rules engine then allows you to create rules based on this event stream, allowing you to alert on system events that seem abnormal. Since containers should have a very limited scope in what they run, you can easily create rules to alert on abnormal behavior inside a container.
So with the Helm Chart, deploying Falco in your Kubernetes cluster and starting to implement run-time security is a breeze. You can read the complete announcement here.
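To make the "limited scope" idea concrete, here is a sketch of a custom Falco rules file that alerts when a container runs anything outside a process allowlist. It is an added example, not taken from the chart or the Falco project. The image name `example/nginx` and the `example_*` list and macro names are constructed. It assumes Falco's default rules file is loaded, since that file defines the `spawned_process` and `container` macros used here.

```yaml
# Added example: custom Falco rules (constructed names, not the project's own rules).
# Assumption: Falco's default rules are loaded first, so the macros
# `spawned_process` and `container` are already defined.

# Processes this workload is expected to run. Anything else is abnormal.
- list: example_nginx_allowed_procs
  items: [nginx]

# Scope the rule to containers started from one image (constructed image name).
- macro: example_nginx_container
  condition: (container and container.image.repository = "example/nginx")

- rule: Unexpected process in example nginx container
  desc: >
    A process outside the allowlist was started inside a container that is
    expected to run only nginx.
  condition: >
    spawned_process
    and example_nginx_container
    and not proc.name in (example_nginx_allowed_procs)
  output: >
    Unexpected process started in nginx container
    (user=%user.name command=%proc.cmdline parent=%proc.pname
    container=%container.name image=%container.image.repository)
  priority: WARNING
  tags: [container, process]
```

Keeping the allowlist in a separate `list` lets you extend it per workload without touching the rule condition.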
And you can read more about Sysdig Falco in the following links:
Thanks, and of course feedback is welcome!