Cloud Native Security Hub - Security Resources
Type Name Latest commit message Commit time
resources Merge pull request #17 from falcosecurity/change-warn-to-warning Jan 21, 2020
vendors Add CoC and CONTRIBUTING guide Oct 16, 2019
Dockerfile Package vendors in the docker image Sep 3, 2019
LICENSE Initial commit Aug 9, 2019

Cloud Native Security Hub


Cloud Native Security Hub is a platform for discovering and sharing rules and configurations for cloud native security tools.

This repository contains all the security resources which will be displayed on


Adding a new Falco Rule

You can use the following template or copy from any existing resource.

apiVersion: v1
kind: FalcoRules
vendor: Apache # The provider name: is this shipped by the vendor or by the community?
name: Apache # The name of the rule: is it for a product, or does it protect against a CVE?
shortDescription: Falco rules for securing Apache HTTP Server # What does this rule do?
version: 1.0.0 # The version of the security resource
description: |
  # This is markdown!

  Add *anything* you want and it will be rendered on the security hub!

keywords: # A list of keywords. See the categories on
  - web
icon: # A reference to an icon or an image for the rule
maintainers: # Who maintains this rule?
  - name: Nestor Salceda # Maintainer
    link: # His/her GitHub link
  - name: Fede Barcelona
rules: # The Falco rules shipped by this resource
  - raw: |
      # Here goes the Falco rule itself, written in YAML

      - rule: Unexpected inbound tcp connection apache
        desc: Detect inbound traffic to apache using tcp on a port outside of expected set
        condition: inbound and evt.rawres >= 0 and not fd.sport in (apache_allowed_inbound_ports_tcp) and app_apache
        output: Inbound network connection to apache on unexpected port (command=%proc.cmdline image=%container.image)
        priority: NOTICE
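
A pre-submission check for a resource file that follows the template above. This is an added example, not part of the repository or the hub's own validation. The function name lint_resource, the choice to treat every template key as required, and the sample file are assumptions made here.

```ruby
require 'yaml'
# Priority levels documented by Falco. The key lists come from the template;
# treating all of them as required is an assumption of this example.
FALCO_PRIORITIES = %w[EMERGENCY ALERT CRITICAL ERROR WARNING NOTICE INFORMATIONAL DEBUG].freeze
RESOURCE_KEYS = %w[apiVersion kind vendor name shortDescription version description keywords maintainers rules].freeze
RULE_KEYS = %w[rule desc condition output priority].freeze

# Returns a list of problems found in a resource file's text (empty if none).
def lint_resource(text)
  doc = YAML.safe_load(text)
  return ['top level is not a mapping'] unless doc.is_a?(Hash)
  problems = RESOURCE_KEYS.reject { |k| doc.key?(k) }.map { |k| "missing key: #{k}" }
  problems << "kind is #{doc['kind'].inspect}, expected FalcoRules" unless doc['kind'] == 'FalcoRules'
  Array(doc['rules']).each_with_index do |entry, i|
    raw = entry.is_a?(Hash) ? entry['raw'] : nil
    next problems << "rules[#{i}]: no raw block" unless raw.is_a?(String)
    items = begin
      YAML.safe_load(raw) # the embedded Falco rules are YAML inside a YAML string
    rescue Psych::Exception => e
      next problems << "rules[#{i}].raw is not valid YAML: #{e.message}"
    end
    # raw may also hold macros and lists; only entries with a 'rule' key are checked
    Array(items).select { |it| it.is_a?(Hash) && it.key?('rule') }.each do |r|
      (RULE_KEYS - r.keys).each { |k| problems << "rule #{r['rule'].inspect}: missing #{k}" }
      pr = r['priority'].to_s
      problems << "rule #{r['rule'].inspect}: unknown priority #{pr}" unless pr.empty? || FALCO_PRIORITIES.include?(pr.upcase)
    end
  end
  problems
rescue Psych::Exception => e
  ["not valid YAML: #{e.message}"]
end

# Constructed sample: well-formed resource whose rule lacks desc and uses WARN.
SAMPLE = <<~RESOURCE
  apiVersion: v1
  kind: FalcoRules
  vendor: Example
  name: Example
  shortDescription: Constructed sample
  version: 1.0.0
  description: demo
  keywords: [web]
  maintainers: [{name: Someone}]
  rules:
    - raw: |
        - rule: Sample rule
          condition: inbound
          output: sample
          priority: WARN
RESOURCE
puts lint_resource(SAMPLE)
```

A file whose `- raw:` entry ends up nested under `maintainers` is reported as `missing key: rules`.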


Contributors are welcome!

See the
