github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-21 09:59:40 +00:00
Code Issues Projects Releases Wiki Activity

cleanup(config): add more info

Browse Source 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
This commit is contained in:
Melissa Kilby 2023-08-31 21:28:36 -07:00 committed by poiana
parent 62e762a467
commit 08237b946f
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
falco.yaml
View File

@ -134,6 +134,10 @@
# By arranging the order of files and rules thoughtfully, you can ensure that
# desired customizations and rule behaviors are prioritized and applied as
# intended.
#
# With Falco 0.36 and beyond, it's now possible to apply multiple rules that match
# the same event type, eliminating concerns about rule prioritization based on the
# "first match wins" principle. Read more under the `rule_matching` configuration.
rules_file:
- /etc/falco/falco_rules.yaml
- /etc/falco/falco_rules.local.yaml
@ -744,6 +748,8 @@ syscall_event_drops:
metrics:
enabled: false
interval: 1h
# Typically, in production, you only use `output_rule` or `output_file`, but not both.
# However, if you have a very unique use case, you can use both together.
output_rule: true
# output_file: /tmp/falco_stats.jsonl
resource_utilization_enabled: true