Falco 0.8.1 Released
Blog post from Sysdig
Falco 0.8.1 ships a substantially reworked default ruleset, tuned during an extended beta with Sysdig customers, that cuts false positives and broadens the range of threats the rules cover.

The release formalizes the split between the default rules file and a local rules file: the default file receives upstream rule updates when the package is upgraded, while site-specific additions and overrides live in the local file and survive those upgrades. Configuration files are also relocated so that they sit together in one consistent place.

Lists, macros and rules can now be extended rather than replaced. A definition in the local file that carries append: true adds its items (for a list) or its condition text (for a macro or rule) to the definition of the same name in the default file, so narrowing a noisy rule no longer requires copying its whole condition.

Alert handling gains a keep_alive option for program outputs: instead of spawning the configured program once per alert, Falco starts it once and writes each alert to its standard input. Alerts can also be emitted as JSON, which external programs can parse reliably instead of scraping the free-text output line.

Also new are an option for unbuffered output (alerts reach a pipe or file as soon as they fire rather than when a buffer fills), a mode that validates a single rules file and exits, and the ability to filter the loaded rules by severity. The release is available as RPM and Debian packages, on Docker Hub, and on GitHub.
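The configuration fragments below are added here as an illustration; they are not taken from the release post or from Falco's own shipped files. They show the two new mechanisms side by side: a local rules file that extends default definitions with append: true, and the falco.yaml output settings for JSON alerts and a long-lived program output. The file paths are assumed to be the packaged defaults, the names shell_binaries, container and Write below etc are assumed to exist in the default rules file, and the Slack webhook URL is a placeholder.

```yaml
# /etc/falco/falco_rules.local.yaml  (assumed packaged path; site-local rules)
# Every entry below carries "append: true", so it extends the definition of
# the same name in the default rules file instead of replacing it.

# Extend an existing list: the new items are added to the existing items.
- list: shell_binaries
  items: [fish, rbash]
  append: true

# Narrow an existing macro. For macros and rules the condition text is
# appended verbatim to the existing condition, so it must start with the
# boolean operator that joins it ("and" / "or").
- macro: container
  condition: and not container.name startswith "sysdig"
  append: true

# Suppress known-good config-management processes for an existing rule
# without copying the rule's full condition into the local file.
- rule: Write below etc
  condition: and not proc.name in (puppet, chef-client)
  append: true
---
# /etc/falco/falco.yaml  (assumed packaged path): alert delivery settings
# introduced in this release.

# Emit each alert as one JSON object per line instead of the default text
# line, so the receiving program can read fields such as "output",
# "priority", "rule" and "time" without parsing free text.
json_output: true

# Hand alerts to an external program. With keep_alive: true Falco starts the
# program once and writes every alert to its stdin, rather than forking a new
# copy of the pipeline for each alert. The webhook URL is a placeholder.
program_output:
  enabled: true
  keep_alive: true
  program: "jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/XXXXXXXXX/XXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX"
```

Because appended condition text is concatenated verbatim, check the precedence of the combined expression (wrap the appended clause in parentheses if it contains an "or"), and load the default and local files together when testing: an appended definition only makes sense against the file that defines the original name, so validating the local file on its own will not exercise the merged condition.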