Announcing Falco 0.4.0
Blog post from Sysdig
Falco 0.4.0 introduces significant enhancements, particularly in monitoring container and orchestration activity, with improved visibility into container information when events are matched against Falco rules. Key features include new filterchecks such as container.privileged and container.mount.* (referenced as %container.privileged and so on in rule output strings), which make it possible to detect events occurring in privileged containers or in containers with specific mounts. The release also adds rules that detect attempts to open files by processes running in privileged containers or in containers with sensitive mounts, and incorporates Kubernetes and Marathon support to enrich event data with orchestration context. A new event_generator Docker image lets users exercise Falco by simulating malicious activity and confirming that the corresponding rules fire. Additional features include a glob operator for pathname matching, a pmatch operator for testing whether a path starts with one of a set of prefixes, more verbose output, and the ability to write trace files. The update is available as rpm and debian packages, on Docker Hub, and on GitHub, with further details on the Falco website.
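The rules below are an added illustration of how the filterchecks and operators named in the announcement combine in Falco's YAML rule syntax; they are constructed for this page and are not rules shipped by the Falco project. The rule names, the watched paths, the /host mount destination and the use of the numeric mount index are assumptions, as is the exact spelling of the container.mount.* sub-fields, which should be checked against the Falco documentation for the version in use.

```yaml
# Added example (not from the Falco rule set): detection rules built on the
# 0.4.0 container filterchecks and the pmatch / glob operators.

- macro: container
  # container.id is the literal string "host" for events outside any container.
  condition: container.id != host

- macro: sensitive_path
  # pmatch is true when fd.name begins with any of the listed prefixes,
  # so /etc/shadow, /root/.ssh/id_rsa and the Docker socket all match.
  # Assumed watch list, chosen for illustration.
  condition: fd.name pmatch (/etc/shadow, /root/.ssh, /var/run/docker.sock)

- rule: Sensitive file opened in privileged container
  desc: A process inside a privileged container opened a credential or control-socket path
  condition: evt.type = open and container.privileged = true and sensitive_path
  output: >
    Sensitive file opened in privileged container
    (user=%user.name command=%proc.cmdline file=%fd.name
     container=%container.name privileged=%container.privileged)
  priority: WARNING

- rule: SSH key read via host mount in container
  desc: A container with the host filesystem mounted at /host read a user's SSH key
  # glob matches the whole pathname against a shell-style pattern, so any
  # user's .ssh directory under the mount is covered by one expression.
  # Mount index 0 (the first mount of the container) and the /host
  # destination are assumptions for this example.
  condition: >
    evt.type = open and container and
    container.mount.dest[0] = /host and
    fd.name glob /host/home/*/.ssh/*
  output: >
    SSH key accessed through host mount
    (user=%user.name command=%proc.cmdline file=%fd.name
     container=%container.name mount=%container.mount.source[0]:%container.mount.dest[0])
  priority: WARNING
```

Loading these alongside the default rules and then running the event_generator image, or opening one of the listed paths from a privileged test container, is a straightforward way to confirm the rules fire before relying on them.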