plugins
Falco plugins registry
Is there a guide to getting started with building/testing the plugins, and how to add a new one? An example from the [Kubernetes project](https://github.com/kubernetes/community/tree/master/contributors/devel#readme) Thanks!
**Motivation** The idea is inspired by the [terraform-provider-scaffolding](https://github.com/hashicorp/terraform-provider-scaffolding) project, which makes it easier to create custom providers from scratch by using a [template-project](https://docs.github.com/en/repositories/creating-and-managing-repositories/creating-a-template-repository). In this project, we have a [plugins](https://github.com/falcosecurity/plugins) folder to demonstrate...
new(anomalydetection): Initial Scope - CountMinSketch Powered Probabilistic Counting and Filtering
**What type of PR is this?** > Uncomment one (or more) `/kind ` lines: > /kind bug > /kind cleanup /kind design > /kind documentation > /kind failing-test /kind feature...
**What type of PR is this?** > Uncomment one (or more) `/kind ` lines: > /kind bug > /kind cleanup > /kind design > /kind documentation > /kind failing-test /kind...
**Motivation** Right now the only capabilities available in the plugin registry are `extraction` and `source` https://github.com/falcosecurity/plugins/blob/16306f2ff88f06f08d5fa3412244bc25591e59cc/build/registry/pkg/registry/types.go#L39 The `k8smeta` plugin also supports the `parsing` and the `async` ones but they are...
**Motivation** As of now the plugin reads the given filepath (file or files in directory), parses it to create the alerts and stops there. To have this more aligned with...
**What to document** Plugin authors must build their plugins using the same glibc version we use in Falco. We have to document that. /cc @jasondellaluce
Request: Could a Falco plugin take over responsibility for the AKS Audit Log Forwarder from Sysdig?
**Motivation** Back in 2022, I did some testing of [AKS Audit Log Forwarder](https://github.com/sysdiglabs/aks-audit-log) with Falco and was able to confirm that it works properly. Audit logs from AKS are routed...
**Motivation** Currently the `github.repo` field exposes the full repo URL (`html_url` JSON field). To make processing the output with, e.g., falcosidekick easier ([#falcosidekick 537](https://github.com/falcosecurity/falcosidekick/issues/537)), it would be great to have...
I have Falco with the k8saudit-eks addon deployed by Helm chart. Very soon after the pod starts, it gets killed by the OOM killer. The only thing I...