Slide 8
Falco
Syscall-based attack detection OSS
[Diagram labels: Linux Kernel, Falco probe, Process (×2), syscall (×2)]
Syscalls carry out actions: opening files, making network connections, spawning new processes, etc.
Catch and analyze syscalls
→ Detect secret file reads, malicious network access, malicious process spawns, etc.