Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[TRACKING] New anomalydetection Plugin - Targeting First Release for Falco 0.39.0 #3117

Open
incertum opened this issue Feb 27, 2024 · 0 comments
Open

[TRACKING] New anomalydetection Plugin - Targeting First Release for Falco 0.39.0 #3117

incertum opened this issue Feb 27, 2024 · 0 comments
Assignees
@incertum
Labels
kind/feature
Milestone
0.39.0

Comments

@incertum
Copy link
Contributor

Motivation

This issue is to track the development progress for a new anomalydetection plugin, as outlined in the Proposal.

The objective is to provide updates on the progress of the development, ensuring alignment with the proposed framework. Additionally, it aims to identify any potential blockers that may hinder progress.

The initial scope will focus exclusively on "CountMinSketch Powered Probabilistic Counting and Filtering" for a subset of syscalls and a selection of options to define behavior profiles. The primary objective of this new framework is to offer tangible advantages in real-world production environments and substantially improve the usability of standard Falco rules. Essentially, this framework eliminates the requirement for meticulous tuning of individual rules and facilitates the utilization of probabilistic count estimates to alleviate the impact of noisy rules. Additionally, it enables the creation of broader Falco rules.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@incertum incertum

Labels
kind/feature
Projects
None yet
Milestone
0.39.0
Development

No branches or pull requests
1 participant
@incertum