Extend Falco with Plugins, Detect and React to Security Incidents from Any Stream of Events

Michele Zuccala

CNCF provides great solutions for managing the security of Kubernetes environments, like OPA and Kyverno for policies, but what about threats or strange behaviours that happen inside running containers? In your cloud account? In the SaaS you use? Falco, the runtime security engine, detects these patterns by analysing syscalls with a kernel module or an eBPF probe, and with its fresh new plugin framework the possibilities become endless: any stream of events can be passed through its engine and trigger alerts. In recent months the Falco community has also described multiple ways to build a response engine on top of those alerts. It is no longer just notifications; it is real-time reaction to threats.
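To make the "any stream of events" point concrete, here is an added configuration example (written for this page, not taken from the Falco project or the speaker) showing how a plugin event source is wired into the engine and how a rule over that source is written. It assumes the Falco plugin configuration layout (`plugins:` and `load_plugins:` in `falco.yaml`) and the `aws_cloudtrail` source with its `ct.*` fields as documented by the Falco cloudtrail plugin; the library paths and the S3 bucket name are placeholders.

```yaml
# falco.yaml fragment: load the cloudtrail plugin as an event source and the
# json plugin as a field extractor. Paths and the bucket are placeholders.
plugins:
  - name: cloudtrail
    library_path: /usr/share/falco/plugins/libcloudtrail.so
    init_config: ""
    open_params: "s3://example-cloudtrail-bucket/AWSLogs/"   # placeholder
  - name: json
    library_path: /usr/share/falco/plugins/libjson.so

load_plugins: [cloudtrail, json]

---
# rules fragment: the rule is scoped to the plugin's event source, so the
# engine evaluates it against CloudTrail records instead of syscalls.
- rule: AWS Console Login Detected
  desc: >
    A successful AWS Management Console login was recorded in CloudTrail.
    Adjust to your baseline (e.g. expected regions or users) before alerting.
  condition: ct.name="ConsoleLogin" and not ct.error exists
  output: >
    AWS console login (user=%ct.user srcip=%ct.srcip region=%ct.region)
  priority: WARNING
  source: aws_cloudtrail
  tags: [cloud, aws]
```

The `source: aws_cloudtrail` line is the important part: without it the rule would be evaluated against syscall events, where the `ct.*` fields do not exist and the rule fails to load. Alerts from this rule flow through the same outputs as syscall-based rules, so whatever response engine is attached to Falco's outputs can react to cloud events exactly as it does to container events.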