falco2seccomp
This tool is designed to convert Falco JSON logs to Docker seccomp profiles
The Falco rule which this tool is designed to work with looks like:
- rule: container_syscall
desc: Capture syscalls for any docker container
priority: WARNING
condition: container.id != host and syscall.type exists
output: "%container.id:%syscall.type"This tool was first introduced in Using-Falco-to-secure-Docker-containers