Falco with Roost - Runtime Security for K8s

Owned by Harish Agrawal
Last updated: Oct 08, 2021 by Pavan Kumar
3 min read

  • Enable/Disable Falco for Local and Remote Clusters

    • Click on the Menu Bar -- Cluster > Cluster Management.

    • Or you can use the Roost Quick Access Toolbar on right side to view Cluster Management

    • Click on the cluster for which Falco is needed.

    • Switch to Third Party Tools tab ,click on the edit option [which is in the top right corner],toggle the button against the Falco Security to enable/disable Falco ,and then click on save.

    • To install or uninstall Falco it takes a few minutes (up to 5 minutes)

    • The falco (un)install logs are visible in the bottom pane (terminal) or can be accessed using Roost Toolbar “Logs” icon

  • Security Events

    • Click on the Menu Bar -- Security > Runtime Security Events, to view falco security events.

       

  • Falco Dashboard

    Roost Falco Dashboard consists of three elements:

    • Rule Library: 

      • Rule Library tab consists of default and custom rules that are applied to a cluster. 

      • The help icon on the top right corner is a quick guide to Falco.

      • Users can configure (Enable / Disable) these rules by clicking on the configure rules button.

       

      • After configuring the rules click on the Save button to save the changes.

         

      • To apply the changes click on the Update Falco button to update falco pods.

         

      • Users can also create their own custom rules by clicking on the add rules button.

       

      • Users can also edit the custom rules as well as delete the custom rules.

         

    • Macros:

      • Falco Macros tab consists of default and custom macros.

         

      • Users can also create their own custom macros by clicking on the add macros button.

       

      • Users can also append to the default macro and also edit them. Users can also edit custom macros as well as delete them.

         

    • Lists:

      • Falco Lists tab consists of default and custom lists.

         

      • Users can also create their own custom lists by clicking on the add lists button.

         

      • Users can also append to the default lists and also edit them. Users can also edit custom lists as well as delete them.

         

  • Grafana Dashboard

    • User can view grafana dashboard by clicking Grafana Dashboard button in Falco dashboard page.