Goal
Respond to potential security threats detected by Falco rules promptly and effectively, minimizing the risk of security breaches and ensuring the integrity of the system.
Strategy
Trigger notifications for any potential security threat detected by Falco default or custom rules.
Triage and Response
- Review the detected log, noting the specific rule that fired, the affected hostname, and the priority level.
- Investigate relevant logs, network traffic captures, and system data to identify the root cause.
- Determine the potential impact and legitimacy of the activity. If the activity is deemed benign, tune the rule in Falco.
Note
If the noise level from these signals is too high, you can upgrade, tune, or override your Falco rules, as appropriate. This third-party rule only elevates Falco alerts from logs if they carry the maturity_stable value in the Falco @tags field, not in the Datadog tags field.
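The following added example (not code from Datadog or the Falco project) shows the two checks above in one place: which Falco JSON events would qualify for elevation because maturity_stable appears in the Falco tags list, and the rule/hostname/priority summary a responder reviews first. The sample log lines are constructed; the key name ddtags used for the Datadog-side tags is an assumption, included only to show that tags placed there do not count.

```python
import json

# Falco priority levels, highest first, used to order the triage queue.
PRIORITY_ORDER = [
    "Emergency", "Alert", "Critical", "Error",
    "Warning", "Notice", "Informational", "Debug",
]

# Constructed Falco JSON-output lines (not real alerts). Only the first two
# carry maturity_stable in the Falco "tags" list; the third puts it in an
# assumed Datadog-side "ddtags" string instead; the fourth is malformed.
SAMPLE_LOGS = [
    '{"hostname":"node-a","priority":"Notice","rule":"Terminal shell in container",'
    '"source":"syscall","tags":["container","shell","maturity_stable"],'
    '"time":"2024-01-01T00:00:00.000000000Z","output":"constructed"}',
    '{"hostname":"node-b","priority":"Warning","rule":"Read sensitive file untrusted",'
    '"source":"syscall","tags":["filesystem","maturity_stable"],'
    '"time":"2024-01-01T00:00:01.000000000Z","output":"constructed"}',
    '{"hostname":"node-c","priority":"Critical","rule":"Custom incubating rule",'
    '"source":"syscall","tags":["custom","maturity_incubating"],'
    '"ddtags":"env:prod,maturity_stable","output":"constructed"}',
    'this line is not valid JSON',
]


def parse_falco_event(line):
    """Parse one Falco JSON log line; return None for anything unusable."""
    try:
        event = json.loads(line)
    except ValueError:
        return None
    return event if isinstance(event, dict) else None


def is_stable_rule(event):
    """True only when maturity_stable is in the Falco tags list itself."""
    tags = event.get("tags")
    return isinstance(tags, list) and "maturity_stable" in tags


def triage_summary(event):
    """The fields a responder reviews first: rule, host, priority, tags."""
    return {
        "rule": event.get("rule"),
        "hostname": event.get("hostname", "unknown"),
        "priority": event.get("priority"),
        "tags": list(event.get("tags") or []),
    }


def priority_rank(summary):
    """Lower rank means more urgent; unknown priorities sort last."""
    try:
        return PRIORITY_ORDER.index(summary["priority"])
    except ValueError:
        return len(PRIORITY_ORDER)


def elevated_alerts(lines):
    """Return triage summaries for events that would be elevated, most urgent first."""
    summaries = []
    for line in lines:
        event = parse_falco_event(line)
        if event is not None and is_stable_rule(event):
            summaries.append(triage_summary(event))
    return sorted(summaries, key=priority_rank)


if __name__ == "__main__":
    for alert in elevated_alerts(SAMPLE_LOGS):
        print(f'{alert["priority"]:<8} {alert["hostname"]:<8} {alert["rule"]}')
```

Running the block prints the two qualifying events with the Warning one first; the event whose only maturity_stable marker sits in the Datadog-side field is left out, as is the malformed line.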
References