[Ansible Galaxy] Use the Ansible falco role to set up Falco behavioral activity monitoring

Falco behavioral activity monitor Ansible role

This Ansible role sets up Falco (https://falco.org/). See also: Falco Open-Source Cloud-Native Security Project | Sysdig - https://sysdig.com/opensource/falco/ and falcosecurity/falco: Cloud Native Runtime Security - https://github.com/falcosecurity/falco

Falco, the cloud-native runtime security project, is the de facto Kubernetes threat detection engine.

Falco was created by Sysdig in 2016 and is the first runtime security project to join CNCF as an incubation-level project. Falco detects unexpected application behavior and alerts on threats at runtime.

Installation

First, install Ansible.

# Mac OS X
$ brew install ansible

$ ansible --version

Then install the role with:

$ ansible-galaxy install git+https://github.com/juju4/ansible-falco.git

Requirements & Dependencies

Ansible

It was tested on the following versions:

  • 2.0

  • 2.5

Operating systems

The role targets Debian/Ubuntu and Red Hat/CentOS.

Example Playbook

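Just include this role in your list of roles. For example:

- hosts: all
  roles:
    # Role name as given on this page; `ansible-galaxy list` shows the name it was installed under
    - falco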
