Skip to content

Latest commit

 

History

History
15 lines (11 loc) · 624 Bytes

README.md

File metadata and controls

15 lines (11 loc) · 624 Bytes

falco2seccomp

This tool is designed to convert Falco JSON logs to Docker seccomp profiles

The Falco rule which this tool is designed to work with looks like:

- rule: container_syscall
  desc: Capture syscalls for any docker container
  priority: WARNING
  condition: container.id != host and syscall.type exists
  output: "%container.id:%syscall.type"

This tool was first introduced in Using-Falco-to-secure-Docker-containers