Skip to content

0.13.0
Compare
Choose a tag to compare
@mstemm mstemm released this 09 Nov 21:45
· 3841 commits to master since this release
0.13.0
bd7a973

Released 2018-11-09

Major Changes

  • Support for K8s Audit Events : Falco now supports K8s Audit Events as a second stream of events in addition to syscalls. For full details on the feature, see the wiki.

  • Transparent Config/Rule Reloading: On SIGHUP, Falco will now reload all config files/rules files and start processing new events. Allows rules changes without having to restart falco [#457] [#432]

Minor Changes

  • The reference integration of falco into a action engine now supports aws actions like lambda, etc. [#460]

  • Add netcat to falco docker images, which allows easier integration of program outputs to external servers [#456] [#433]

Bug Fixes

  • Links cleanup related to the draios/falco -> falcosecurity/falco move [#447]

  • Properly load/unload kernel module when the falco service is started/stopped [#459] [#418]

Rule Changes

  • Better coverage (e.g. reduced FPs) for critical stack, hids systems, ufw, cloud-init, etc. [#445]

  • New rules Launch Package Management Process in Container, Netcat Remote Code Execution in Container, and Lauch Suspicious Network Tool in Container look for running various suspicious programs in a container. [#461]

  • Misc changes to address false positives in GKE, Istio, etc. [#455] [#439]

Assets 2
Loading