Prometheus is a (rare) recent example of a significant, thriving open-source project that is community-based. Not quite as broad in scope as something like Elasticsearch though.
OP here, my bad indeed.
I was fiddling around trying to figure out the right way to shorten and carelessly ended with this. No intention to mislead, but I agree this changes the meaning in a bad way.
Most importantly I don't see a way to revert; hopefully the moderators will see this and do it instead.
We ran into a number of issues with Helm when deploying - failures leading us to have to rollback, with rollbacks then failing, requiring manual changes to unblock.
I think that for third-party packages and related templating (which seems like the original use-case) it works well, but I would be wary of using it for high-res deploys of our own stuff.
Looks like a nice tool, and it's great to see syscalls getting more attention.
I don't fully get the argument for why on-host filtering is undesirable. Of course naively filtering for curl-originated connections isn't a solid detection scheme for rootkit-installs! That's just a naive filter, which a naive user could mis-use in a centralized way or in a distributed way.
As for event correlation (#2 of the pros), it can be done on-host too. And back-testing (#3) of new rules is indeed a highly valuable feature! But you certainly don't have to log everything centrally to get that capability. E.g. in the case of Falco, you can capture trace files and re-run any number of rules/filters on them.
I do agree with the point on rules being exposed to an attacker.
[Disclaimer: author of the initial version of Sysdig Falco]
It's taken from close up so you see how a concrete platform has been poured under the building, then the whole thing pushed on rails.