diff --git a/falco/README.md b/falco/README.md index 3a70a52cfe695..9ba5e9f9f2df4 100644 --- a/falco/README.md +++ b/falco/README.md @@ -1,8 +1,8 @@ -# Falco Integration For Datadog +# Falco Integration for Datadog ## Overview -[Falco][1] is a cloud-native security tool. It provides near real-time threat detection for cloud, container, and Kubernetes workloads by leveraging runtime insights. Falco can monitor events defined via customizable rules from various sources, including the Linux kernel, and enrich them with metadata from the Kubernetes API server, container runtime, and more. +[Falco][1] is a cloud-native security tool. It provides near real-time threat detection for cloud, container, and Kubernetes workloads by leveraging runtime insights. Falco can monitor events defined with customizable rules from various sources, including the Linux kernel, and enrich them with metadata from the Kubernetes API server, container runtime, and more. This integration ingests the following logs: - Alert: Represents details such as the rule name, description, condition, output message, priority level, and tags @@ -13,15 +13,13 @@ The Falco integration seamlessly ingests the data of Falco logs using the Webhoo ### Configuration -#### Falco Integration Configuration - -- Update the settings in the configuration file (i.e., falco.yaml) as shown below: +- Update the settings in the configuration file (`falco.yaml`) as shown below: ```yaml json_output: true http_output: enabled: true - url: (e.g., https://http-intake.logs.datadoghq.com/api/v2/logs?dd-api-key=&ddsource=falco) + url: # such as https://http-intake.logs.datadoghq.com/api/v2/logs?dd-api-key=&ddsource=falco ``` - Restart the Falco using below command: @@ -44,7 +42,7 @@ The Falco integration seamlessly ingests the data of Falco logs using the Webhoo ### Logs -The Falco integration collects and forwards Falco Alert logs to Datadog. +The Falco integration collects and forwards Falco alert logs to Datadog. ### Metrics 
diff --git a/falco/assets/dashboards/falco_alerts.json b/falco/assets/dashboards/falco_alerts.json index 00a5c6ea9ef3d..54ab5755f5b78 100644 --- a/falco/assets/dashboards/falco_alerts.json +++ b/falco/assets/dashboards/falco_alerts.json @@ -15,7 +15,7 @@ "id": 7000735800317906, "definition": { "type": "note", - "content": "Falco is a cloud-native security tool. It provides near real-time threat detection for cloud, container, and Kubernetes workloads by leveraging runtime insights. Falco can monitor events defined via customizable rules from various sources, including the Linux kernel, and enrich them with metadata from the Kubernetes API server, container runtime, and more.\n\nThis dashboard provides information about events, syscalls, process, user, k8s, container, FD, etc logs generated on Falco.\n\nFor more information, see the [Falco Documentation](https://docs.datadoghq.com/integrations/falco/).\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.", + "content": "Falco is a cloud-native security tool. It provides near real-time threat detection for cloud, container, and Kubernetes workloads by leveraging runtime insights. Falco can monitor events defined with customizable rules from various sources, including the Linux kernel, and enrich them with metadata from the Kubernetes API server, container runtime, and more.\n\nThis dashboard provides information about events, syscalls, process, user, k8s, container, FD, and other logs generated on Falco.\n\nFor more information, see the [Falco Documentation](https://docs.datadoghq.com/integrations/falco/).\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.", "background_color": "white", "font_size": "14", "text_align": "left", 
@@ -1465,7 +1465,7 @@ { "id": 8459276178662880, "definition": { - "title": "Top Kubernates Namespaces", + "title": "Top Kubernetes Namespaces", "title_size": "16", "title_align": "left", "type": "toplist", @@ -1534,7 +1534,7 @@ { "id": 179518505970250, "definition": { - "title": "Top Kubernates pod Names", + "title": "Top Kubernetes Pod Names", "title_size": "16", "title_align": "left", "type": "toplist",
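Review bot: In the README configuration hunk, the replacement `url: # such as https://http-intake.logs.datadoghq.com/...` leaves the key with no value, and a bare `url:` followed only by a comment parses as YAML null, so a reader who copies the block verbatim gets `http_output.enabled: true` with no destination; use an explicit placeholder such as `url: <DATADOG_LOGS_INTAKE_URL>` and state that the empty `dd-api-key=` in the example must be filled with the org's API key. Because the key travels in the query string of a URL stored in `falco.yaml`, a sentence asking readers to restrict read permissions on that file (and to keep it out of version control) would be worth adding here. The unchanged context line `- Restart the Falco using below command:` in the same hunk still reads awkwardly; consider `- Restart Falco using the following command:` while this section is being edited.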
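Review bot: In the `falco_alerts.json` note-widget hunk, the rewritten `content` string still labels the link to `https://docs.datadoghq.com/integrations/falco/` as "Falco Documentation", which points at the Datadog integration page rather than Falco's own docs; "Datadog Falco integration documentation" would describe the target accurately. The list "events, syscalls, process, user, k8s, container, FD, and other logs" is clearer than the old "etc logs", but "FD" is unexpanded in a widget meant for first-time readers; "file descriptor (FD)" would help.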
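Review bot: The two toplist-widget hunks fix the same "Kubernates" misspelling at `@@ -1465` and `@@ -1534` and, in the second, also capitalise "pod Names" to "Pod Names" so it matches "Namespaces"; since the same spelling appeared in at least two widget titles of this file, please grep the rest of `falco/assets/` (saved views, monitors, other dashboard titles and query labels) for remaining occurrences before merging, so the dashboard does not end up with a mix of spellings in its widget titles.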