From 33b1d0ef353a15f932babc8e652072501df1807d Mon Sep 17 00:00:00 2001 From: Michael Ducy Date: Tue, 9 Oct 2018 23:18:22 -0400 Subject: [PATCH] Updated Falco Alerts (markdown) --- Falco-Alerts.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Falco-Alerts.md b/Falco-Alerts.md index e578c1a..1234890 100644 --- a/Falco-Alerts.md +++ b/Falco-Alerts.md @@ -21,6 +21,8 @@ stdout_output: ``` 10:20:05.408091526: Warning Sensitive file opened for reading by non-trusted program (user=root command=cat /etc/shadow file=/etc/shadow) ``` +Standard output is useful when using Fluentd or Logstash to capture logs from containers. Alerts can then be stored in Elasticsearch, and dashboards can be created to visualize the alerts. For more information, read [this blog post](https://sysdig.com/blog/kubernetes-security-logging-fluentd-falco/). + When run in the background via the `-d/--daemon` command line option, standard output messages are discarded. ## File Output
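Review bot: the added paragraph recommends collecting alerts from standard output via Fluentd or Logstash, but it is placed directly before the existing line stating that stdout messages are discarded when Falco is run with `-d/--daemon`, and it does not mention that prerequisite; suggest adding a sentence to the new paragraph such as "This requires Falco to run in the foreground, as it does when deployed as a container, rather than as a daemon." Alternatively, move the new paragraph after the daemon note so that the recommendation and its caveat read together.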