Since the inception of Falco, we’ve seen users write custom rules covering a number of different use cases. Because Falco is behavioral monitoring with a syntax that leverages system calls, you can write a rule for just about anything: opening a file, becoming root, or making a network connection.
We recently released Falco 0.13.0, which is probably the most exciting release since Falco’s 0.1.0 release almost two and a half years ago. With 0.13.0, we’re adding support for a second stream of events — Kubernetes Audit Events. This release also lays the groundwork for additional event sources to be easily added.
There are quite a few Docker security tools in the ecosystem; how do they compare? We have gathered a list of the most popular Docker security tools so you can evaluate which best fits your needs, including features and use cases. Here you will find both open source projects and commercial Docker security vendors.
In this tutorial we are going to learn how to instrument Golang code to expose application custom metrics using expvar. This will help you monitor availability, health and performance of your Go application.
As Cota Healthcare moved to Kubernetes on Google Cloud, it chose Sysdig for Kubernetes monitoring and container security. With Sysdig, Cota accelerates healthcare service development, improves capacity planning, fixes issues rapidly, and strengthens its security posture.
While the term ‘Java troubleshooting’ can apply to many, many scenarios, this post focuses on three particular long-standing Java production scenarios: a denial of service to a Java service endpoint, a memory leak, and troubleshooting a thread deadlock or race condition. Follow along as we use Java inside Docker containers to facilitate quick testing and show you how to use open source sysdig to quickly diagnose each troubleshooting scenario.
In the past few days, a new vulnerability was disclosed in a widely used component: the jQuery File Upload plugin. A change in how Apache’s web server handles a security setting exposed users of this plugin to an unrestricted file upload flaw. Let’s dig into how to detect the jQuery File Upload vulnerability (CVE-2018-9206) using Falco.
Security is a key consideration for any organization seeking to standardize and scale their cloud-native platforms. Falco, the behavioral activity monitoring tool from Sysdig, is becoming a popular option for open source container runtime security on cloud-native platforms built using Kubernetes, Cloud Foundry, and OpenShift.