github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-15 14:28:39 +00:00
Code Issues Projects Releases Wiki Activity

adds docker-compose config

Browse Source 
Signed-off-by: Bill Vandenberk <bill@vandenberk.me>
This commit is contained in:
Bill Vandenberk
2024-08-08 17:56:40 -04:00
committed by poiana
parent 8a3cb7608a
commit 48442be91e
3 changed files with 50 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -43,6 +43,8 @@ Considerations and guidance for Falco adopters:
5. Integrate with output destinations: Integrate Falco with SIEM, data lake systems, or other preferred output destinations to establish a robust foundation for comprehensive data analysis and enable effective incident response workflows. 5. Integrate with output destinations: Integrate Falco with SIEM, data lake systems, or other preferred output destinations to establish a robust foundation for comprehensive data analysis and enable effective incident response workflows.
### Demo Environment
A demo environemnt is provided via a docker-compose file that can be started on a docker host which includes falco, falcosidekick, falcosidekick-ui and its required redis database. For more information see the [docker-compose readme](docker/docker-compose/README.md)
## How to Contribute ## How to Contribute

14
docker/docker-compose/README.md Normal file
View File

@@ -0,0 +1,14 @@
# A Warning
This environment is provided for demonstration purposes only and does not represent a production ready deployment of falco
# Components
The components that this docker-compose file spins up are falco, falcosidekick, falcosidekick-ui and a redis database
# Running
To start this environment run `docker-compose up`
# Cleaning up
To clean up run `docker-compose rm`
# Generating events
If you'd like to generate events that will trigger rules and show up in the UI you can run `docker run -it --rm falcosecurity/event-generator run syscall --loop`

34
docker/docker-compose/docker-compose.yaml Normal file
View File

@@ -0,0 +1,34 @@
version: "3"
services:
falco:
container_name: falco
cap_drop:
- all
cap_add:
- sys_admin
- sys_resource
- sys_ptrace
volumes:
- /var/run/docker.sock:/host/var/run/docker.sock
- /proc:/host/proc:ro
- /etc:/host/etc:ro
command: '/usr/bin/falco -o http_output.enabled=true -o http_output.url="http://falco-sidekick:2801/"'
image: falcosecurity/falco-no-driver:latest
sidekick:
container_name: falco-sidekick
image: falcosecurity/falcosidekick
environment:
WEBUI_URL: http://falco-webui:2802
webui:
container_name: falco-webui
image: falcosecurity/falcosidekick-ui:2.2.0
ports:
- 2802:2802
depends_on:
- redis
command: ['-r', 'redis:6379', '-d']
redis:
image: redis/redis-stack:7.2.0-v11