Falco Plugins - Introduction to Falco Plugins
The first video in the free "Falco Plugins" training course hosted at the Sysdig learning portal:
https://learn.sysdig.com/
We will introduce how Falco can be extended to consume data sources beyond syscalls, opening up detection use cases on cloud-native platforms using any JSON-compatible logs from cloud vendors or sources such as AWS CloudTrail.
For the full, free Falco Plugins course, including fully interactive hands-on labs, visit our learning portal at
https://learn.sysdig.com/path/falco/falco-plugins
If you are new to Falco, we recommend reviewing the Falco 101 videos (https://youtu.be/1QUyVddI2IE) and Falco 101 course as a first step:
https://learn.sysdig.com/falco-101
Below are some of the topics you can expect to find as part of Falco Plugins:
102.21 - AWS CloudTrail Falco Plugin
102.22 - Configuring an AWS CloudTrail Plugin in Falco
102.30 - Developing a Falco Plugin with SDK Go
Chapters:
00:00 Introduction
00:31 Falco & cloud workloads
01:09 Architecture
01:43 Plugin sources
02:23 Falco rules for plugins
03:14 Configuration
03:50 Types of plugins
04:22 Conclusion