A Swiss Army Knife is renowned for its versatility, offering multiple tools in one compact package. Similarly, while Falco provides five standard outputs for its security events—stdout, file, gRPC, shell, and HTTP—these can sometimes fall short when integrating with other components. Enter Falcosidekick: a powerful daemon designed to vastly extend Falco’s output capabilities. With more than 60 integration points, Falcosidekick elevates Falco’s security events, making them a cornerstone of security automation efforts. It not only enables the addition of custom fields to events, such as environment or region, enhancing event context, but also offers metrics on event occurrences. Furthermore, Falcosidekick introduces an intuitive Web UI, allowing for real-time monitoring of events alongside a suite of insightful data visualisations, including volumetric histograms and pie charts. Discover how Falcosidekick can transform your approach to security observability and activity alerting, truly embodying the spirit of a Swiss Army Knife in the realm of cloud-native security.
Recorded: Tuesday February 20, 2024