Deploying Falco
Create a Slack webhook for receiving Falco alerts
You will need to create a Slack application and add a webhook to it. See the instructions for creating a Slack webhook here: https://api.slack.com/messaging/webhooks.
Deploy the Falco helm chart.
This should be done through your existing infrastructure-as-code pipeline, but here’s a reference for how to set default variables:
helm repo add falcosecurity https://falcosecurity.github.io/charts
helm repo update
helm upgrade --install falco falcosecurity/falco \
--namespace falco --create-namespace \
--set falcosidekick.enabled=true \
--set driver.kind="ebpf" \
--set auditLog.enabled=true \
--set falco.jsonOutput=true \
--set falco.fileOutput.enabled=true \
--set falcosidekick.config.slack.webhookurl="<Slack Channel Webhook URL>"