Will via plug on 9 Apr 2022 13:39:19 -0700



Re: [PLUG] Book: Practical Cloud Native Security with Falco


Anything regarding eBPF is ALWAYS interesting. I'll have to pick up the book. Thanks for the heads up, JP!

-Will C

On Sat, Apr 9, 2022 at 3:09 PM JP Vossen via plug <plug@lists.phillylinux.org> wrote:
I ran across this _Practical Cloud Native Security with Falco_ while looking for something else.  It won't be published until 2022-11, but I read some of the early release and it's interesting.  I'm surprised I didn't already know about Falco, but I didn't.

Take the idea of `libpcap` and the awesome tools that came out of that like Wireshark and Snort, then do the same with eBPF.  So eBPF (kernel-side) = `libpcap` and Falco = Snort.  Very cool.

It seems like Falco can fill the same sort of niche as Wazuh (OSSec), except maybe at a lower level.

https://en.wikipedia.org/wiki/EBPF
https://falco.org/
https://wazuh.com/

Later,
JP
--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug