Goal
Investigate and stabilize the host-side live execution trace and Falco log correlation verifications in test_caldera_detection_coverage.py.
Context
When running test_caldera_detection_coverage.py against the live stack with --run-stack and --run-host-emulation, some safe abilities (such as PAYLOAD_ABILITY and DUMP_HISTORY_ABILITY) time out or fail to correlate because of asynchronous log buffering, network delay, or missing host-side FIM/process trigger event propagation.
Action Items
- Optimize OpenObserve trace/log indexing and search delays (reduce wait/poll intervals or increase poll retries).
- Ensure that Falco containers can successfully capture host-side system calls when running emulation commands on the host.
- Validate that telemetry streams are pre-populated with appropriate schema fields under active container workloads.
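As an added example (not code from the test file or project this issue describes), the poll/retry loop the first action item calls for: a helper that re-queries the log store with capped exponential backoff until a Falco event correlating with the ability's marker appears or the overall deadline passes. The `search` callable stands in for the OpenObserve query, which the issue does not show; the marker string, the sample Falco event and the `delayed_search` lag simulator are assumptions.

```python
import time
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

@dataclass
class PollResult:
    event: Optional[dict]  # matching Falco event, or None on timeout
    attempts: int          # number of search calls made
    elapsed_s: float

def matches_ability(event: dict, marker: str) -> bool:
    """True when the Falco rule output or any output_fields value references the marker."""
    if marker in event.get("output", ""):
        return True
    return any(marker in str(v) for v in event.get("output_fields", {}).values())

def poll_for_correlation(search: Callable[[], Iterable[dict]], marker: str, *,
                         timeout_s: float = 60.0, initial_interval_s: float = 1.0,
                         max_interval_s: float = 8.0,
                         sleep=time.sleep, clock=time.monotonic) -> PollResult:
    """Call search() repeatedly, doubling the wait between polls (capped at max_interval_s)
    until an event matches or the overall deadline passes; sleep/clock are injectable."""
    start = clock()
    interval = initial_interval_s
    attempts = 0
    while True:
        attempts += 1
        for ev in search():  # each call is one query against the log store
            if matches_ability(ev, marker):
                return PollResult(ev, attempts, clock() - start)
        remaining = timeout_s - (clock() - start)
        if remaining <= 0:
            return PollResult(None, attempts, clock() - start)
        sleep(min(interval, remaining))  # never sleep past the deadline
        interval = min(interval * 2, max_interval_s)

# Constructed sample Falco JSON event (not captured from a real stack).
SAMPLE_EVENTS = [{
    "rule": "Read sensitive file untrusted", "priority": "Warning", "source": "syscall",
    "output": "Sensitive file opened for reading (file=/root/.bash_history)",
    "output_fields": {"fd.name": "/root/.bash_history", "proc.cmdline": "cat /root/.bash_history"},
}]

def delayed_search(events: list, appear_after: int) -> Callable[[], list]:
    """Simulate indexing lag: events only become searchable on the Nth query."""
    calls = {"n": 0}
    def search():
        calls["n"] += 1
        return events if calls["n"] >= appear_after else []
    return search
```

Because the total deadline, not the retry count, bounds the wait, shortening the initial interval does not risk a timeout that is shorter than the store's indexing lag.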