Donate Falco Talon to Falcosecurity org [Incubation level] #403
+1
+1
Big +1 from me!
cc @falcosecurity/core-maintainers
+1 from me! Thanks @Issif!
+1 🚀
GO FOR IT GO GO GO ! ! ! ! ! !
+1 from me!
+1 awesome
+1 for the response!
+1 from my side!
Since we all agree on this, I guess it's time to proceed! 🥳 I will take care of the transfer
I'll prepare the talon's repo for the OWNERS, etc. next week. Thank you for your support folks ❤️
leogr added a commit to falco-talon/falco-talon that referenced this issue Sep 26, 2024
This was referenced Sep 26, 2024
Repository: https://github.com/falco-talon/falco-talon
Motivation
We all consider Falco one of the best runtime security tools in the world; it has many more integrations with 3rd parties than any other project in the field (thanks to Falcosidekick), and it can also collect and analyze any stream of events with its plugins. But since the beginning, the adopters have asked for a key feature: the reaction.
With the integrations of well-known FaaS in Falcosidekick, we started a series of blog posts to show how to create from scratch what we call a "response engine". All these systems are modular, flexible, robust, but they all require a lot of development to deal with the Falco payload format, the errors, the retries, the authentication to the API (AWS, Kubernetes Control Plane), the logs, the metrics, etc.
Not all users and companies have the skills and/or the budgets to deal with that.
It is exactly to answer these needs that we designed and created Falco Talon, of which the first version is officially out.
Falco Talon is a tailor-made response engine, specifically crafted to work with Falco. The end users just have to write rules to correlate Falco events with actions to perform. The actions use "actionners", on catalog bundles, to respond in the best possible way.
To know more about the project, a whole website with its docs has been created: https://docs.falco-talon.org
From the beginning, the UX has been developed to be close to Falco's. The rules files are yaml files, the rules can be overridden, and action blocks can be re-used among the rules, like the macros are for Falco.
The project was introduced to the community, in the Slack channel and in the weekly community call, a few months ago. In the past months, some users have already tested it and we gave talks at some events to show its features. It helped the development a lot by collecting really useful feedback.
The Docker images of the project have been pulled almost 100k times, showing a growing interest in the project:
With the release of the first GA version, to benefit from the traction of the falcosecurity organization, from poiana to manage the issues/PRs, to publish the helm chart of Talon with the others (and allow setting it as a dependency for an easy install), and because the project is well advanced, I'm proposing to donate the Falco Talon project to the falcosecurity org at the Incubation level.
Edit: we will be 2 owners at the beginning:
Thanks