This repository contains a collection of rules, configurations, and scripts focused on enhancing security detection for cloud-native infrastructure. The resources here are designed to help identify and respond to threats in modern cloud environments, leveraging tools like Falco and Sigma.
Falco Rules: Custom Falco detection rules for monitoring and detecting suspicious activities in Kubernetes and cloud-native environments. These rules help detect abnormal behavior, such as privilege escalations, unauthorized container activity, and other security violations in real-time.
Sigma Rules: Platform-agnostic Sigma rules for translating threat detection use cases into various security information and event management (SIEM) systems. These rules focus on detecting suspicious activities across cloud services, containers, and infrastructure.
Additional Detection Engineering: Scripts, configurations, and templates for various detection mechanisms across cloud-native platforms. This includes log parsing, alerting configurations, and integrations with security tools to ensure comprehensive coverage of the attack surface.
Real-Time Threat Detection: Enable proactive monitoring and detection of potential threats in cloud-native environments through robust rule sets. Platform-Agnostic Rules: Provide a library of detection rules that can be easily adapted to different platforms and SIEM solutions. Continuous Improvement: Regularly update and refine detection rules based on new threat intelligence and security research.
Falco Rules: Deploy custom rules to your Falco setup to start monitoring Kubernetes and other containerized workloads for suspicious activities. Sigma Rules: Convert Sigma rules into your SIEM-compatible format and integrate them into your security monitoring pipeline. Custom Scripts: Use the additional detection engineering resources to enhance your security posture across cloud-native infrastructure.