Rule language improvements: override option • Testing and stability improvements: increased e2e tests coverage, new kernel and linux distributions • Performance improvements: Falco joined CNCF’s green reviews working group • Rules maturity framework: stable, incubating, sandbox, deprecated • Plugins: ◦ new plugins: Anomaly Detection, K8S Cluster Metadata, Hashicorp Vault ◦ improvements in plugin API: C++ SDK, Go SDK, more to come • Falcosidekick - more outputs: Dynatrace, Sumologic, Qucikwit, etc • falcoctl - now used for downloading drivers • Falco playground: try and test falco rules at play.falco.org