View Issue Details

ID: 0008668
Project: Kali Linux
Category: Queued Tool Addition
View Status: public
Last Update: 2024-08-03 16:27
Reporter: kalicccon
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: acknowledged
Resolution: open
Summary: 0008668: Falcosidekick-ui - runtime security monitoring & detection for containers
Description

This is a community request to consider including open-source Falco and Falcosidekick-ui, for runtime security monitoring & detection for containers and Kubernetes resources, in the next Kali Purple release.

There could be a container runtime security module - for individuals running containers locally on-prem, something like this could come preinstalled.
List of commands I currently successfully run manually on fresh Kali Purple, to get Falcosidekick-ui up and running and test: https://pastebin.com/dKy2mQhJ

Video on-demand on the tool: https://community.cncf.io/events/details/cncf-cncf-online-programs-presents-cloud-native-live-falcosidekick-the-swiss-army-knife-for-cloud-native-security-amp-observability/purchased/7783a246bd20454db84748a424cde563

Activities

kalicccon

2024-03-14 15:14

reporter   ~0019023

Last edited: 2024-03-14 15:21

3 screenshots of Falcosidekick-ui:

https://imgur.com/xWkdpDF

https://imgur.com/ZfcgDjn

https://imgur.com/8g4m8Vd

Arszilla

2024-03-14 21:32

reporter   ~0019024

Please refer to the docs on how to submit proper requests for tool requests: https://www.kali.org/docs/tools/submitting-tools/

kalicccon

2024-03-15 13:00

reporter   ~0019032

Thank you for the follow-up, Arszilla. I will reach out to the maintainers of the project to check if there is such interest. Be right back.

g0tmi1k

2024-04-26 15:16

administrator   ~0019210

Homepage: https://github.com/falcosecurity/falcosidekick-ui

g0tmi1k

2024-08-02 15:00

administrator   ~0019597

@kali-team, please could this be packaged up.
@author, if you want to help the packaging process, you can check the documentation here:

kalicccon

2024-08-03 16:27

reporter   ~0019601

Hi team! I have a blessing from the project author (Issif) to pack it. Now there's also Falco Talon available, an accompanying response engine: https://github.com/falco-talon/falco-talon?tab=readme-ov-file#falco-talon. I just have to figure out how to do it.

Here is an example of a manual install on Kali Purple: https://cc-connected.com/blog/projects/kubernetes-threat-detection-falco-sidekick-homelab/ but even better if I figure out packing it; it will take me some time.

Issue History

Date Modified Username Field Change
2024-03-14 15:09 kalicccon New Issue
2024-03-14 15:14 kalicccon Note Added: 0019023
2024-03-14 15:21 kalicccon Note Edited: 0019023
2024-03-14 21:32 Arszilla Note Added: 0019024
2024-03-15 13:00 kalicccon Note Added: 0019032
2024-04-26 15:16 g0tmi1k Note Added: 0019210
2024-04-29 08:40 daniruiz Summary Falcosidekick-ui runtime security monitoring & detection for containers => Falcosidekick-ui - runtime security monitoring & detection for containers
2024-08-02 15:00 g0tmi1k Note Added: 0019597
2024-08-02 15:00 g0tmi1k Status new => acknowledged
2024-08-02 15:00 g0tmi1k Category New Tool Requests => Queued Tool Addition
2024-08-03 16:27 kalicccon Note Added: 0019601