- Pull and build vendor libraries by running the following script:
./install_dependencies.shThis step can take ~15 minutes depending on your machine.
- Build the engine:
mkdir ./build && cd build
cmake ..
make allsudo ./build/main -f "evt.type=execve or evt.type=execveat" -e ./dependencies/falco-libs/build/driver/bpf/probe.oThe command above will listen on all execve and execveat syscalls occuring in containers (by default we will print data only in containers).
Check out the available flags by running: ./build/main -h