Training & Certification

Training > Cloud & Containers > Detecting Cloud Runtime Threats with Falco (LFS254)

Training Course

Learn about Falco and how to install and use it in securing cloud native environments.

Who Is It For

This course is designed for IT professionals, security analysts, DevOps engineers, and anyone looking to expand their knowledge and skills in cloud native runtime security.

read less read more

What You’ll Learn

Explore Falco’s basics, history, design, and its role in cloud security. Dive into its architecture, threat detection methods, setup, rule customization, and output management.

read less read more

What It Prepares You For

By the end of this course, you should be able to install and use Falco to secure cloud native applications. You’ll also gain hands-on experience in crafting Falco rules, managing outputs, and configuring Falco to fit your specific needs.

read less read more

Course Outline

Chapter 1. Course Introduction

Chapter 2. Introduction to Falco

Chapter 3. Getting Started with Falco

Chapter 4. Syscall Data Source (Host Security)

Chapter 5. Other Data Sources (Cloud Security)

Chapter 6. Conditions and Fields

Chapter 7. Falco Rules

Chapter 8. Customizing Falco Rules

Chapter 9. Outputs and Falcosidekick

Chapter 10. Configuring Falco

Chapter 11. Writing Falco Rules

Prerequisites

In order to complete this course, learners should be familiar with the following:

Basic concepts of cloud computing and cloud security.
Basic knowledge of Linux and command-line interface.
Basic understanding of system calls and their role in operating systems.
Familiarity with Kubernetes, including concepts like Pods, Services, and Deployments.

Lab Info

In order to complete this course, learners should have the following:

A computer with a modern operating system capable of running Docker and Kubernetes.
Access to a Kubernetes cluster for certain exercises (this could be a local minikube, a Docker Desktop, or a cloud-based Kubernetes service).
Internet access for downloading necessary resources and tools.

If using a cloud provider like GCP or AWS, you should be able to complete the lab exercises using the free tier or credits provided to you. However, you may incur charges if you exceed the credits initially allocated by the cloud provider, or if the cloud provider’s terms and conditions change.

$299

Course only

Enroll Today Get a Quote

🔐 Unlock unlimited access to 100+ educational products
with THRIVE – less than $1/day!

SUBSCRIBE NOW

100% Money Back Guarantee

Includes

Online, Self Paced

20 Hours of Course Material

Hands-on Labs & Assignments

12 Months of Access to Online Course

Digital Badge

Discussion forums

Get a Quote

Get help to convince your boss.

Experience Level: Intermediate

Gift this course

Training more than 10 people?Get a corporate quote.

Stay Up to Date

Get early access to the latest Linux Foundation Training news, tutorials and exclusive offers – available only for monthly newsletter subscribers.

Get exclusive discounts, news, and more with our free newsletter

Name*
First Last
Email*
{"image":"/wp-content/themes/lf/images/newsletter.png"}
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

We won’t ever send you spam, promise.

© 2025 Linux Foundation - Education. The Linux Foundation®. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds.
Terms of Use | Privacy Policy | Bylaws | Trademark Usage | Antitrust Policy | Good Standing PolicyAccelerated by