Our next-gen architecture is built to help you make sense of your ever-growing data. Watch a 4-min demo video!

Quick Start Security for Falco

Falco
Falco icon

Out-of-the-Box Security For Falco Includes:

Alerts - 6

Stay on top of Falco key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.

Error priority alert

This alert type aggregates all Falco alerts that are error in nature. Falco's error priority is triggered once there is a file writing state inside the container or k8s pod. Please refer to the rule, desc and source fields in the logs to get more information regarding the relevant alert. Impact Depends on the type of granular alert. See more details in the log itself. Mitigation Depends on the type of granular alert. See more details in the log itself.

Warning priority alert

This alert type aggregates all Falco alerts that are warning in nature. Flaco's warning priority rules are triggered once there is an unauthorized read attempt of sensitive files. Please refer to the rule, desc and source fields in the logs to get more information regarding the relevant alert. Impact Depends on the type of granular alert. See more details in the log itself. Mitigation Depends on the type of granular alert. See more details in the log itself.

Notice priority alert

This alert type aggregates all Falco alerts that are notice in nature. Falco's notice priority rule is triggered once it detects an unexpected behavior like unexpected shell spawn, etc. Please refer to the rule, desc and source fields in the logs to get more information regarding the relevant alert. Impact Depends on the type of granular alert. See more details in the log itself. Mitigation Depends on the type of granular alert. See more details in the log itself.

Informational priority alert

This alert type aggregates all Falco alerts that are informational in nature. Falco's informational priority rule is triggered once a best practice is broken like an unexpected privileged container with sensitive mounts are started. Please refer to the rule, desc and source fields in the logs to get more information regarding the relevant alert. Impact Depends on the type of granular alert. See more details in the log itself. Mitigation Depends on the type of granular alert. See more details in the log itself.

Critical priority alert

This alert type aggregates all Falco alerts that are critical in nature. Falco's critical priority is triggered once there is an container running error or a virus/malware detected in the container that can affects its functionality or there is a suspicious network activity detected. Please refer to the rule, desc and source fields in the logs to get more information regarding the relevant alert. Impact Depends on the type of granular alert. See more details in the log itself. Mitigation Depends on the type of granular alert. See more details in the log itself.

No logs from Falco

This rule detects if there are no logs in the last 12 hours for Falco in the customer account. Note- This alert should configured with relevant app & subsystem. Impact Disabling logging is a tactic that adversaries might employ as part of various MITRE ATT&CK techniques to avoid detection, cover their tracks, or impede incident response investigations. Mitigation Address logging concerns to ensure comprehensive monitoring within the Coralogix SIEM system. MITRE Tactic: TA0005 MITRE Technique:T1562

Documentation

Learn more about Coralogix's out-of-the-box integration with Falco in our documentation.

Read More
Schedule Demo