Motivation
I often find myself needing to analyze specific system events captured by Falco, especially syscall events. However, the current process of manually sifting through the logs can be time-consuming and lacks flexibility. To address this, I propose the addition of SQL query support within Falco to facilitate more efficient and customizable analysis of network and file operations, as well as to enable statistical queries.
Feature
Introduce SQL Query Support:
Enable users to perform SQL queries on the Falco logs, specifically targeting syscall events.
Allow for the definition of custom queries to filter and extract relevant information based on specific conditions.
Implement support for common SQL operations such as SELECT, WHERE, GROUP BY, etc.
Provide a clear and concise syntax for users to formulate SQL queries within Falco.
Alternatives
The current alternative involves manually parsing and filtering Falco logs, which is time-consuming and prone to human error. While external tools and scripts can be used for analysis, having built-in SQL query support within Falco would streamline the process and offer a more user-friendly experience.
Additional context
By integrating SQL query support, Falco users would have a powerful tool at their disposal to analyze syscall events more efficiently. This feature would not only enhance the overall usability of Falco but also open up possibilities for advanced analytics and reporting based on specific user-defined criteria. The addition of SQL support would make Falco a more versatile and adaptable solution for security and system administrators.
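The kind of SELECT / WHERE / GROUP BY analysis the request describes can be done today with an external script, which is the "alternative" the issue mentions. The following is an added example, not code from the Falco project or from the issue author: it loads Falco's JSON-lines alert output (json_output: true) into an in-memory SQLite table and runs a few queries over it. The field names (time, priority, rule, source, hostname, output_fields with proc.name, user.name, fd.name, evt.type) follow Falco's JSON alert format as I understand it; the alert lines themselves are constructed for this example, and the hosts, users and addresses in them are invented.

```python
import json
import sqlite3

# Constructed sample alerts in Falco's JSON output shape (values invented).
# Socket fd.name uses Falco's "srcip:srcport->dstip:dstport" form.
SAMPLE_ALERTS = [
    {"time": "2024-05-01T10:00:01.000000000Z", "priority": "Notice",
     "rule": "Read sensitive file untrusted", "source": "syscall", "hostname": "node-a",
     "output_fields": {"proc.name": "cat", "user.name": "alice",
                       "fd.name": "/etc/shadow", "evt.type": "openat"}},
    {"time": "2024-05-01T10:00:02.000000000Z", "priority": "Warning",
     "rule": "Write below etc", "source": "syscall", "hostname": "node-a",
     "output_fields": {"proc.name": "vi", "user.name": "root",
                       "fd.name": "/etc/passwd", "evt.type": "openat"}},
    {"time": "2024-05-01T10:00:03.000000000Z", "priority": "Notice",
     "rule": "Read sensitive file untrusted", "source": "syscall", "hostname": "node-b",
     "output_fields": {"proc.name": "less", "user.name": "bob",
                       "fd.name": "/etc/sudoers", "evt.type": "openat"}},
    {"time": "2024-05-01T10:00:04.000000000Z", "priority": "Notice",
     "rule": "Unexpected outbound connection destination", "source": "syscall",
     "hostname": "node-a",
     "output_fields": {"proc.name": "curl", "user.name": "alice",
                       "fd.name": "10.0.1.7:51234->203.0.113.9:443", "evt.type": "connect"}},
    {"time": "2024-05-01T10:00:05.000000000Z", "priority": "Notice",
     "rule": "Read sensitive file untrusted", "source": "syscall", "hostname": "node-a",
     "output_fields": {"proc.name": "cat", "user.name": "alice",
                       "fd.name": "/etc/shadow", "evt.type": "openat"}},
]

# A log file as Falco would write it: one JSON object per line. A non-JSON
# line is included to show that such lines are skipped rather than crashing.
SAMPLE_LOG = "Falco initialized (constructed non-JSON line)\n" + \
    "\n".join(json.dumps(a) for a in SAMPLE_ALERTS) + "\n"

# Commonly queried fields get their own columns; the full output_fields
# object is kept as JSON text for ad-hoc inspection.
SCHEMA = """
CREATE TABLE events (
    time TEXT, priority TEXT, rule TEXT, source TEXT, hostname TEXT,
    proc_name TEXT, user_name TEXT, fd_name TEXT, evt_type TEXT,
    fields TEXT
)
"""


def load_events(lines):
    """Parse Falco JSON-lines alerts into an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    rows = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue  # startup banners and other non-alert output
        f = alert.get("output_fields") or {}
        rows.append((alert.get("time"), alert.get("priority"), alert.get("rule"),
                     alert.get("source"), alert.get("hostname"),
                     f.get("proc.name"), f.get("user.name"), f.get("fd.name"),
                     f.get("evt.type"), json.dumps(f)))
    conn.executemany("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?)", rows)
    conn.commit()
    return conn


def query(conn, sql, params=()):
    """Run a parameterised query and return all rows."""
    return conn.execute(sql, params).fetchall()


def events_by_rule(conn):
    """GROUP BY: how many times each rule fired."""
    return query(conn, "SELECT rule, COUNT(*) AS n FROM events "
                       "GROUP BY rule ORDER BY n DESC, rule")


def file_events_under(conn, prefix="/etc/"):
    """WHERE: file operations whose path starts with the given prefix."""
    return query(conn, "SELECT time, hostname, user_name, proc_name, fd_name "
                       "FROM events WHERE fd_name LIKE ? ORDER BY time",
                 (prefix + "%",))


def file_opens_per_user(conn):
    """Statistical query: openat events per user."""
    return query(conn, "SELECT user_name, COUNT(*) FROM events "
                       "WHERE evt_type = 'openat' GROUP BY user_name ORDER BY user_name")


if __name__ == "__main__":
    db = load_events(SAMPLE_LOG.splitlines())
    for name, fn in (("by rule", events_by_rule), ("/etc/ files", file_events_under),
                     ("opens per user", file_opens_per_user)):
        print(name, fn(db))
```

In practice the lines would come from Falco's file output or from `falco -o json_output=true` piped to a file; the same three query functions then run unchanged, and any other field in output_fields can be promoted to a column by extending SCHEMA and load_events.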
Yes, I agree. This does seem to be a duplicate of falcosecurity/falco#2403. It's a good idea to track it in one place for the sake of clarity and consistency. Thank you for pointing it out!