Falco
About
Falco can be used for threat detection.
Before activating Falco, please first check which Driver to see which driver to use:
-
module
-
ebpf (default)
-
modern-bpf
If you know which driver should be used, activate Falco, go to the Values
, add the Driver
and submit changes. Now Deploy Changes
.
When Falco is installed, APL will add a set of rules to white-list
all known behaviour. These rules are added using the Raw Values.