Falco

About

Falco can be used for threat detection.

Before activating Falco, please first check which Driver to see which driver to use:

• module

• ebpf (default)

• modern-bpf

If you know which driver should be used, activate Falco, go to the Values, add the Driver and submit changes. Now Deploy Changes.

When Falco is installed, APL will add a set of rules to white-list all known behaviour. These rules are added using the Raw Values.