Updated K8s Audit Event Support (markdown)

Mark Stemm
2019-02-14 11:55:03 -08:00
parent d4a2201c60
commit a9a6e8384a

@@ -6,6 +6,12 @@ As of Falco 0.13.0, falco supports a second source of events in addition to syst
* Creating/updating/removing config maps or secrets
* Attempts to subscribe to changes to any endpoint
We also added additional falco rules that look for notable or suspicious activity, including:
* Creating pods that are privileged, mount sensitive host paths, or use host networking.
* Granting overly broad permissions such as `cluster-admin` to users.
* Creating configmaps with sensitive information.
Once you've configured your cluster with audit logging and selected which events you'd like to pass along to falco, you can write falco rules that read these events and send notifications for suspicious or other notable activity.
# Falco Changes
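Review bot: The added list under "We also added additional falco rules" does not say where those rules ship or how to enable them. The next paragraph ("you can write falco rules that read these events") then reads as if the reader has to write everything themselves. Suggest adding one sentence that names the bundled rules file and links to it. Two smaller points in the same added lines: "also added additional" is redundant, and the new bullet spells it "configmaps" while the context bullet above uses "config maps", so pick one spelling. The last bullet's "sensitive information" would be clearer with a short example of what the rule actually matches on.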