add deprecation messages

About-Falco.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs**
+
 # About Falco
 Falco is a behavioral activity monitor designed to detect anomalous activity in your applications. Powered by sysdig’s system call capture infrastructure, Falco lets you continuously monitor and detect container, application, host, and network activity... all in one place, from one source of data, with one set of rules.
 

Actions-For-Dropped-System-Call-Events.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/event-sources/dropped-events/**
+
 # Introduction
 
 A new feature in 0.15.0 allows Falco to take actions when it detects dropped system call events. When system call events are dropped, Falco may have problems building its internal view of the processes, files, containers, and orchestrator metadata in use, which in turn may affect rules that depend on that metadata. These actions make it easier to detect when dropped system calls are occurring.

Falco-Alerts.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/alerts/**
+
 # Falco Alerts
 
 Falco can send alerts to one or more channels:

Falco-Configuration.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/configuration/**
+
 # Falco Configuration
 
 Falco's configuration file is a [YAML](http://www.yaml.org/start.html)

Falco-Default-and-Local-Rules-Files.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/rules/default-custom/**
+
 Starting with Falco 0.8.0, falco officially supports the notion of a _default_ rules file and a _local_ rules file. This has previously been supported by running falco with multiple `-r` arguments. In 0.8.0, we're formalizing this notion to make it easier to customize falco's behavior but still retain access to rule changes as a part of software upgrades. Of course, you can always customize the set of files you want to read by changing the `rules_file` option in `falco.yaml`.
 
 The default rules file is always read first, followed by the local rules file.

Falco-Examples.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/examples/**
+
 # Falco Examples
 
 Here are some examples of the types of behavior falco can detect.

Falco-Formatting-for-Containers-and-Orchestration.md

@@ -1,3 +1,9 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/alerts/formatting/**
+
+
 Like sysdig, falco has native support for containers and orchestration environments. With `-k`, falco communicates with the provided K8s API server to decorate events with the K8s pod/namespace/deployment/etc. associated with the event. With `-m`, falco communicates with the marathon server to do the same thing.
 
 Like sysdig, falco can be run with `-pk`/`-pm`/`-pc`/`-p` arguments that change the formatted output to be a k8s-friendly/mesos-friendly/container-friendly/general format. However, unlike sysdig, the source of formatted output is in the set of rules and not on the command line. This page provides more detail on how `-pk`/`-pm`/`-pc`/`-p` interacts with the format strings in the `output` attribute of rules.

Falco-Kernel-Module.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/event-sources/kernel-module/**
+
 # Introduction
 
 Falco depends on a kernel module that taps into the stream of system calls on a machine and passes those system calls to user space.

Falco-Roadmap.md

@@ -1,21 +0,0 @@
-Here's a sketch of the features we're planning on adding to Falco in the next several releases. When relevant, we've included links to the relevant github issues. Afterward, we'll list the specific features we're planning on adding in the next Falco relase (0.7.0). Of course, plans may change, but this should give you an idea of what's on the roadmap for Falco. If you see specific features you're especially excited for, or if you have features that you'd like to see that aren't on this list, let us know!
-
-# Overall Roadmap
-
-## Rule Improvements:
-
-* Bring back rulesets devoted to specific applications like apache, cassandra, etc. We originally commented these out as enabling them all slowed down falco too much, but we probably have more headroom now that rules are initially filtered by event type. Also if we add rule triggers they will only be enabled when the process is running. [[#183](https://github.com/draios/falco/issues/183)]
-* Add rules that implement as much of the CIS Docker benchmark as possible in falco. [[#186](https://github.com/draios/falco/issues/186)]
-
-## Rule Mechanics Improvements
-
-* Rule triggers--load/unload sets of rules based on other rules firing. This allows gateways based on processes starting/stopping. [[#149](https://github.com/draios/falco/issues/149)]
-
-## New measurement capabilities
-* Have the trigger for a rule be meta-information like resource usage instead of a specific action. [[#167](https://github.com/draios/falco/issues/167)]
-* Flight data recorder--when a rule triggers, save the last N events to a trace file. [[#81](https://github.com/draios/falco/issues/81)]
-
-# 0.14.0 Planned Features
-
-* Add rulesets that provide support for specific applications packaged as containers.
-* Add rules that implement as much of the CIS Docker benchmark as possible in falco.

Falco-Rules-Default-Macros.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/rules/default-macros/**
+
 ## Falco Rules Default Macros
 
 The default Falco rule set defines a number of macros that makes it easier to start writing rules. These macros provide shortcuts for a number of common scenarios and can be used in any user defined rule sets. Falco also provide Macros that should be overridden by the user to provide settings that are specific to a user's environment. The provided Macros can also be [appended to](Falco Rules Default Macros) in a local rules file.

Falco-Rules.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/rules/**
+
 # Rules
 
 _Call for contributions: If you come up with additional rules which you'd like to see in the core repository - PR welcome!_

Generating-Sample-Events.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/event-sources/sample-events/**
+
 If you'd like to see if falco is working properly, we've created a test program [event_generator](https://github.com/draios/falco/blob/dev/docker/event-generator/event_generator.cpp) that performs a bunch of suspect actions that are detected by the current falco ruleset.
 
 Here's the usage block for the test program:

Home.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**The wiki has been kept for historical reasons, but will be removed in the near future**
+
 # Welcome to the **Falco** wiki!
 
 On this wiki, you can find information about Falco. If this is your first time hearing about Falco, we recommend you [start with the website](https://falco.org).

How-to-Install-Falco-for-Linux.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/installation/**
+
 # Installation
 
 ## Scripted install

How-to-Install-Falco-from-Source.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/source/**
+
 # Building falco from source
 
 Building falco requires having `cmake` and `g++` installed.

How-to-Install-Falco-using-Containers-and-or-Orchestration.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/installation/**
+
 # How to Install Falco using Containers
 
 ## Container install (general)

Install-Falco-(Minikube).md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/installation/**
+
 # Introduction
 
 The installation steps for Minikube aren't any different than other K8s Environment. See our [K8s Installation Instructions](../blob/dev/integrations/k8s-using-daemonset/README.md) for details.

K8s-Audit-Event-Support.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/event-sources/kubernetes-audit/**
+
 # Introduction
 
 As of Falco 0.13.0, falco supports a second source of events in addition to system call events: [K8s Audit Events](https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-backends). An improved implementation of k8s audit events was introduced in k8s v1.11 and provides a log of requests and responses to [kube-apiserver](https://kubernetes.io/docs/admin/kube-apiserver). Since almost all cluster management tasks are done through the api server, the audit log is a way to track the changes made to your cluster. Examples of this include:

Running-Falco.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/running/**
+
 # Running Falco
 
 Falco is intended to be run as a service. But for experimentation and designing/testing rulesets, you will likely want to run it manually from the command-line.

Supported-Fields.md

@@ -1,3 +1,8 @@
+# FALCO DOCUMENTATION HAS MOVED
+**The [new home](https://falco.org/docs) for Falco Documentation can be found on the [main Falco site](https://falco.org/docs).**
+
+**This page can be found at https://falco.org/docs/rules/supported-fields/**
+
 # Introduction
 
 Here are the fields supported by falco on top of those supported by [Sysdig](https://github.com/draios/sysdig/wiki/Sysdig-User-Guide#user-content-filtering). You can also see this set of fields via `falco --list=<source>`, with `<source>` being one of the sources below.