Updated readme and dashboard
surabhipatel-crest committed Dec 20, 2024
1 parent 5a632d1 commit fded328
Showing 2 changed files with 8 additions and 10 deletions.
12 changes: 5 additions & 7 deletions falco/README.md
@@ -1,8 +1,8 @@
# Falco Integration For Datadog
# Falco Integration for Datadog

## Overview

[Falco][1] is a cloud-native security tool. It provides near real-time threat detection for cloud, container, and Kubernetes workloads by leveraging runtime insights. Falco can monitor events defined via customizable rules from various sources, including the Linux kernel, and enrich them with metadata from the Kubernetes API server, container runtime, and more.
[Falco][1] is a cloud-native security tool. It provides near real-time threat detection for cloud, container, and Kubernetes workloads by leveraging runtime insights. Falco can monitor events defined with customizable rules from various sources, including the Linux kernel, and enrich them with metadata from the Kubernetes API server, container runtime, and more.
This integration ingests the following logs:

- Alert: Represents details such as the rule name, description, condition, output message, priority level, and tags
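Review bot: the overview paragraph ("[Falco][1] is a cloud-native security tool. ... and more.") is followed directly by "This integration ingests the following logs:" with no blank line between them, so Markdown renders both as a single paragraph and the sentence that introduces the list gets swallowed into the overview; add a blank line before "This integration ingests the following logs:". The wording changes in this hunk (title case in the heading, "with" instead of "via") are fine as they are.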
@@ -13,15 +13,13 @@ The Falco integration seamlessly ingests the data of Falco logs using the Webhoo

### Configuration

#### Falco Integration Configuration

- Update the settings in the configuration file (i.e., falco.yaml) as shown below:
- Update the settings in the configuration file (`falco.yaml`) as shown below:

```yaml
json_output: true
http_output:
enabled: true
url: <Datadog Webhook URL> (e.g., https://http-intake.logs.datadoghq.com/api/v2/logs?dd-api-key=<dd-api-key>&ddsource=falco)
url: <DATADOG_WEBHOOK_URL> # such as https://http-intake.logs.datadoghq.com/api/v2/logs?dd-api-key=<DD_API_KEY>&ddsource=falco
```
- Restart the Falco using below command:
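Review bot: the example `url` carries the Datadog API key as the `dd-api-key` query parameter, which means the key sits in clear text in `falco.yaml` and is reproduced anywhere the output URL is shown (debug output, proxy logs, process listings). The README should tell readers to restrict file permissions on `falco.yaml` and to treat the whole URL as a secret, not just the `<DD_API_KEY>` placeholder. The intake host in the example (`http-intake.logs.datadoghq.com`) is hard-coded; add a sentence telling readers to substitute the intake host for their own Datadog site. Minor: "Restart the Falco using below command:" reads better as "Restart Falco using the command below:".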
@@ -44,7 +42,7 @@ The Falco integration seamlessly ingests the data of Falco logs using the Webhoo

### Logs

The Falco integration collects and forwards Falco Alert logs to Datadog.
The Falco integration collects and forwards Falco alert logs to Datadog.

### Metrics

6 changes: 3 additions & 3 deletions falco/assets/dashboards/falco_alerts.json
@@ -15,7 +15,7 @@
"id": 7000735800317906,
"definition": {
"type": "note",
"content": "Falco is a cloud-native security tool. It provides near real-time threat detection for cloud, container, and Kubernetes workloads by leveraging runtime insights. Falco can monitor events defined via customizable rules from various sources, including the Linux kernel, and enrich them with metadata from the Kubernetes API server, container runtime, and more.\n\nThis dashboard provides information about events, syscalls, process, user, k8s, container, FD, etc logs generated on Falco.\n\nFor more information, see the [Falco Documentation](https://docs.datadoghq.com/integrations/falco/).\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.",
"content": "Falco is a cloud-native security tool. It provides near real-time threat detection for cloud, container, and Kubernetes workloads by leveraging runtime insights. Falco can monitor events defined with customizable rules from various sources, including the Linux kernel, and enrich them with metadata from the Kubernetes API server, container runtime, and more.\n\nThis dashboard provides information about events, syscalls, process, user, k8s, container, FD, and other logs generated on Falco.\n\nFor more information, see the [Falco Documentation](https://docs.datadoghq.com/integrations/falco/).\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.",
"background_color": "white",
"font_size": "14",
"text_align": "left",
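Review bot: the note widget still says the dashboard covers "events, syscalls, process, user, k8s, container, FD, and other logs generated on Falco", but the README changed in this same commit states that the integration ingests one log type, Alert, and those items are fields of an alert rather than separate logs. Reword to match, for example "This dashboard breaks down Falco alert logs by event, syscall, process, user, Kubernetes, container, and file descriptor fields." Spelling out "k8s" and "FD" in the note also helps readers unfamiliar with the abbreviations.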
@@ -1465,7 +1465,7 @@
{
"id": 8459276178662880,
"definition": {
"title": "Top Kubernates Namespaces",
"title": "Top Kubernetes Namespaces",
"title_size": "16",
"title_align": "left",
"type": "toplist",
@@ -1534,7 +1534,7 @@
{
"id": 179518505970250,
"definition": {
"title": "Top Kubernates pod Names",
"title": "Top Kubernetes Pod Names",
"title_size": "16",
"title_align": "left",
"type": "toplist",