
Quick Start Security for Falco


Coralogix Extension For Falco Includes:

Alerts - 6

Stay on top of Falco key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Error priority alert

This alert type aggregates all Falco alerts whose priority is Error. Falco's Error priority rules trigger when a file write is detected inside a container or Kubernetes pod. Refer to the rule, desc and source fields in the logs for details of the specific alert.
Impact: Depends on the type of granular alert. See more details in the log itself.
Mitigation: Depends on the type of granular alert. See more details in the log itself.

Warning priority alert

This alert type aggregates all Falco alerts whose priority is Warning. Falco's Warning priority rules trigger when an unauthorized attempt to read sensitive files is detected. Refer to the rule, desc and source fields in the logs for details of the specific alert.
Impact: Depends on the type of granular alert. See more details in the log itself.
Mitigation: Depends on the type of granular alert. See more details in the log itself.

Notice priority alert

This alert type aggregates all Falco alerts whose priority is Notice. Falco's Notice priority rules trigger when unexpected behavior is detected, such as an unexpected shell being spawned. Refer to the rule, desc and source fields in the logs for details of the specific alert.
Impact: Depends on the type of granular alert. See more details in the log itself.
Mitigation: Depends on the type of granular alert. See more details in the log itself.

Informational priority alert

This alert type aggregates all Falco alerts whose priority is Informational. Falco's Informational priority rules trigger when a best practice is violated, such as an unexpected privileged container with sensitive mounts being started. Refer to the rule, desc and source fields in the logs for details of the specific alert.
Impact: Depends on the type of granular alert. See more details in the log itself.
Mitigation: Depends on the type of granular alert. See more details in the log itself.

Critical priority alert

This alert type aggregates all Falco alerts whose priority is Critical. Falco's Critical priority rules trigger when a container runtime error occurs, when a virus or malware that can affect the container's functionality is detected in it, or when suspicious network activity is detected. Refer to the rule, desc and source fields in the logs for details of the specific alert.
Impact: Depends on the type of granular alert. See more details in the log itself.
Mitigation: Depends on the type of granular alert. See more details in the log itself.

No logs from Falco

This rule detects when no Falco logs have been received in the customer account in the last 12 hours. Note: this alert should be configured with the relevant application and subsystem.
Impact: Disabling logging is a tactic that adversaries may employ as part of various MITRE ATT&CK techniques to avoid detection, cover their tracks, or impede incident response investigations.
Mitigation: Address logging concerns to ensure comprehensive monitoring within the Coralogix SIEM system.
MITRE Tactic: TA0005
MITRE Technique: T1562
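The two kinds of detection described above, grouping Falco events by priority into the five alert buckets and the "no logs in the last 12 hours" check, as an added example that is not part of the Coralogix extension's own code. The sample lines are constructed, hypothetical events in Falco's JSON output format; Falco's actual JSON fields are time, priority, rule, source and output (the extension's parsed desc field is not modelled here).

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample lines in Falco's JSON output format (hypothetical events,
# not real cluster data); the field names are Falco's standard JSON output fields.
SAMPLE_LINES = [
    '{"time":"2024-05-01T10:00:00.123456789Z","priority":"Error","rule":"Write below etc","source":"syscall","output":"File below /etc opened for writing"}',
    '{"time":"2024-05-01T10:05:00.000000000Z","priority":"Warning","rule":"Read sensitive file untrusted","source":"syscall","output":"Sensitive file opened for reading"}',
    '{"time":"2024-05-01T10:07:30.500Z","priority":"Notice","rule":"Terminal shell in container","source":"syscall","output":"A shell was spawned in a container"}',
    '{"time":"2024-05-01T10:09:00Z","priority":"Informational","rule":"Launch Privileged Container","source":"syscall","output":"Privileged container started"}',
    '{"time":"2024-05-01T10:12:00.1Z","priority":"Critical","rule":"Detect outbound connections to common miner pool ports","source":"syscall","output":"Outbound connection to miner pool"}',
    '{"time":"2024-05-01T10:13:00Z","priority":"Debug","rule":"Some debug rule","source":"syscall","output":"not aggregated by the extension"}',
]

# The five Falco priorities the extension aggregates into separate alerts.
AGGREGATED_PRIORITIES = ("Critical", "Error", "Warning", "Notice", "Informational")

def parse_falco_time(ts):
    """Parse Falco's RFC 3339 UTC timestamp; Falco emits nanoseconds but %f takes at most 6 digits."""
    base, _, frac = ts.rstrip("Z").partition(".")
    when = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return when + timedelta(microseconds=int((frac + "000000")[:6]))

def aggregate_by_priority(lines):
    """Group events into the extension's priority buckets; other priorities (e.g. Debug) are dropped."""
    buckets = {p: [] for p in AGGREGATED_PRIORITIES}
    for line in lines:
        ev = json.loads(line)
        if ev.get("priority") in buckets:
            # Keep the fields the alert descriptions tell you to consult when triaging.
            buckets[ev["priority"]].append(
                {"rule": ev["rule"], "source": ev.get("source"), "output": ev.get("output")})
    return buckets

def no_logs_alert(lines, now, window=timedelta(hours=12)):
    """True when no event arrived within `window` before `now` (the 'No logs from Falco' rule)."""
    latest = max((parse_falco_time(json.loads(l)["time"]) for l in lines), default=None)
    return latest is None or latest < now - window

if __name__ == "__main__":
    for prio, events in aggregate_by_priority(SAMPLE_LINES).items():
        print(f"{prio}: {[e['rule'] for e in events]}")
    print("no logs in 12h:", no_logs_alert(SAMPLE_LINES, parse_falco_time("2024-05-01T23:00:00Z")))
```

In a real deployment the 12-hour silence check runs against the ingested log stream rather than a static list, so an empty result (no events at all) must also raise the alert, as `no_logs_alert` does.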

Integration

Learn more about Coralogix's out-of-the-box integration with Falco in our documentation.
