Runtime security
UDS Core provides runtime threat detection using Falco and Falcosidekick. This section covers tuning what Falco detects, querying and visualizing events, routing alerts to external destinations, and migrating from NeuVector.
For background on how Falco, Falcosidekick, and runtime threat detection work, see Runtime security concepts.
Guides
Tune Falco runtime detections: Enable additional rulesets, disable noisy rules, override built-in logic, and write custom rules via bundle overrides.
Query Falco events in Grafana: Query and visualize runtime security events using Loki and the built-in Falcosidekick dashboard.
Route runtime alerts to external destinations: Configure Falcosidekick to forward alerts to Slack, Mattermost, or Microsoft Teams for real-time notifications.
Migrate from NeuVector to Falco: Transition from the legacy NeuVector runtime security provider to Falco during a UDS Core upgrade.