Falcosidekick

Definition

Falcosidekick is a companion tool for Falco, an open-source runtime security tool for Kubernetes. It acts as an event router, forwarding the security events that Falco detects to outputs such as Slack, Elasticsearch, or Prometheus. This lets organizations feed Falco's security insights into their existing monitoring and alerting systems and respond to potential threats in real time.

Secure Settings Example

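# falcosidekick.yaml
config:
  slack:
    # HTTPS webhook: alerts are encrypted in transit
    webhookurl: "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"
    # Forward only events at priority "warning" or above
    minimumpriority: "warning"
    outputformat: "all"
  # TLS on, with certificate verification left enabled
  tls:
    enabled: true
    skipverify: false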

Insecure Settings Example

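# falcosidekick.yaml
config:
  slack:
    # Plain HTTP webhook: alerts are sent unencrypted
    webhookurl: "http://insecure-webhook-url.com"
    # "debug" is the lowest priority, so every event is forwarded
    minimumpriority: "debug"
    outputformat: "text"
  # TLS off, and certificate verification skipped
  tls:
    enabled: false
    skipverify: true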
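
Config Check Example

The following is an added example, not code from Falcosidekick or from the original page: a small audit that reports the webhook, priority and TLS settings that differ between the two configurations above. Key names are copied from the page's examples as-is; `parse_mapping` and `audit` are hypothetical helper names, and the parser handles only nested mappings of scalars, not general YAML.

```python
from urllib.parse import urlparse
# Constructed sample: the page's insecure example (outputformat omitted).
INSECURE = """\
config:
  slack:
    webhookurl: "http://insecure-webhook-url.com"
    minimumpriority: "debug"
  tls:
    enabled: false
    skipverify: true
"""

def parse_mapping(text):
    """Parse nested 'key: value' mappings only, the YAML subset used on this page."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) for each open nesting level
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack[-1][0] >= indent:  # close levels we have dedented out of
            stack.pop()
        key, _, value = (part.strip().strip('"') for part in line.partition(":"))
        if value:
            stack[-1][1][key] = value
        else:  # a key without a scalar opens a nested mapping
            child = stack[-1][1][key] = {}
            stack.append((indent, child))
    return root

def audit(text):
    """Return findings for the settings this page marks as insecure."""
    cfg = parse_mapping(text).get("config", {})
    slack, tls = cfg.get("slack", {}), cfg.get("tls", {})
    findings = []
    url = slack.get("webhookurl", "")
    if url and urlparse(url).scheme != "https":
        findings.append("slack.webhookurl: not https, alerts cross the network in cleartext")
    if slack.get("minimumpriority", "").lower() == "debug":
        findings.append("slack.minimumpriority: debug forwards every event")
    if tls.get("enabled", "false").lower() != "true":
        findings.append("tls.enabled: TLS is off")
    if tls.get("skipverify", "false").lower() == "true":
        findings.append("tls.skipverify: certificate verification is skipped")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(INSECURE)))
```

Run against the secure example, `audit` returns an empty list, so it can gate a deployment pipeline on the list being empty.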