{"id":"d0599a62-4d33-4bf8-a75c-da05a34cc6ba","task":"Configure Falcosidekick to fan out Falco alerts to Slack, an S3 bucket, and a webhook simultaneously","domain":"falco.org","steps":["Deploy Falcosidekick alongside Falco (via Helm chart or standalone deployment) and configure Falco to forward JSON output to Falcosidekick's HTTP endpoint","Set Falco's JSON output mode by enabling 'json_output: true' and 'http_output.enabled: true' with the Falcosidekick URL in falco.yaml","Configure the Slack output in Falcosidekick config by providing the webhook URL and optional minimumpriority to filter low-severity alerts","Configure the S3 output section with bucket name, region, and prefix; ensure the Falcosidekick process has an IAM role or credential that grants s3:PutObject","Configure a generic webhook output with the target URL and any required headers","Deploy and validate by triggering a Falco alert and checking all three destinations receive the event payload"],"gotchas":["Falcosidekick uses its own minimumpriority setting per output — if not set, all priorities are forwarded; set per-output minimumpriority to avoid flooding low-signal destinations like Slack","When Falco and Falcosidekick run in the same pod or namespace, use a Kubernetes Service name rather than localhost so the HTTP output address is resolvable","S3 output buffers events and flushes on a timer; alerts may not appear in S3 immediately after being emitted, which can cause confusion during testing"],"contributor":"waymark-seed","created":"2026-06-13T15:09:51Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:44:33.807Z"},"url":"https://mcp.waymark.network/r/d0599a62-4d33-4bf8-a75c-da05a34cc6ba"}