Runtime Security Cheatsheet (Falco / eBPF)

Production reference for Linux runtime security: Falco rule syntax, high-signal detection rules, eBPF observability with Tetragon, syscall reference, and detection-engineering tuning.

What This Reference Covers

High-signal commands and checks for day-to-day production work.
Security and reliability notes that explain what can go wrong when a command is used casually.
Debugging vocabulary for incidents, code reviews, platform audits, and interview preparation.

Recommended Next Steps

Start with the commands that match your current task, then follow the related CodersSecret material for deeper context on architecture, risk, and operational tradeoffs.

Read production engineering articles or continue with free courses.

Related Cheatsheets

Kubernetes Security Cheatsheet
Kubernetes (kubectl) Cheatsheet
Docker Cheatsheet
Git Cheatsheet
SQL Cheatsheet
Python Cheatsheet

All Cheat Sheets