add highlights for 2023-11-16

src/content/changes/highlights/2023-11-16.md

@@ -0,0 +1,30 @@
+---
+date: 2023-11-16T14:00:00
+title: Highlights for the week ending Nov 16 2023
+changes_categories:
+  - Highlights
+owner:
+  - https://github.com/orgs/giantswarm/teams/sig-product
+---
+## Apps
+
+### Falco
+
+- [`Falco`](https://github.com/giantswarm/falco-app) [`0.7.0`](https://github.com/giantswarm/falco-app/releases/tag/v0.7.0) is released. It means the underlying component version is higher than `0.36.0`. The update contains [`falcoctl`](https://github.com/falcosecurity/falcoctl) tool which helps to administrate Falco configuration and audit the state of the system. From now on `Falco` images will not be longer shipped with rules inside the image. Instead, they will use an init container to download the rules from an official repository and will check frequently for updates. As a consequence, the amount of rules `Falco` installs has drastically been lowered, and the previous ruleset has been divided into several categories, `Standard`, `Incubating`, and `Sandbox`. This reduces the noise in general but in case the previous ruleset is required, it is possible to enable this using the command line tool. For more information about the new situation, check Falco's new [`rules repository`](https://github.com/falcosecurity/rules). 
+
+## General
+
+- Logging infrastructure is now available on AWS and CAPA management clusters.
+  - [Loki](https://github.com/giantswarm/loki-app/) and [Promtail](https://github.com/giantswarm/promtail-app/) are deployed on AWS and CAPA management clusters
+  - You can query for following Logs:
+    - Kubernetes Pods
+    - Audit logs from Kubernetes API server
+    - Systemd units
+  - Logs retention is set to 1 month
+  - Only Management cluster Logs are available (for now)
+  - Access Logs using Grafana, see [usage doc](https://handbook.giantswarm.io/docs/observability/loki-usage/)
+
+## Documentation
+
+
+