Saved February 14, 2026
Do you care about this?
This repository offers a set of Falco detection rules and configuration files aimed at identifying various Kubernetes attack techniques. It includes scripts for testing these detections by simulating attacker behavior in a controlled environment.
If you do, here's more
The repository on GitHub offers a set of Falco detection rules tailored to Kubernetes security. Alongside the rules it ships supporting material: Kubernetes audit policies, attack manifests, and Falco configuration files, all aimed at detecting real-world attack techniques. Techniques covered include anonymous API access, overly permissive RBAC configurations, and service account token abuse. Each detection rule is grouped by the attack surface it covers, such as RBAC or CoreDNS, so users can focus on one attack surface at a time.
For practical use, users edit the `lab_setup/values.yaml` file to load custom rules into Falco, then apply the change with the Helm commands the repository documents. The repository also includes test scripts that mimic attacker behavior, so users can watch the detections fire against real activity rather than assume they work. The scripts can be run individually or chained together as a sequence of attack steps. The setup has been validated on Ubuntu 24.04; other platforms are not mentioned.
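As an added illustration of the values.yaml workflow described above (this is example configuration written for this page, not a file from the repository), the excerpt below shows how the falcosecurity/falco Helm chart's `customRules` key carries a rules file, and what two rules for techniques the repository covers, anonymous API access and cluster-admin bindings, look like in Falco's k8saudit rule syntax. Assumptions: the chart is installed with the k8saudit and json plugins already enabled elsewhere in `lab_setup/values.yaml`, so audit events arrive as the `k8s_audit` source; the filename `k8s_attack_custom_rules.yaml`, the macro names prefixed `custom_`, the rule names, and the health-probe exclusion list are all choices made here, not the repository's.

```yaml
# Hypothetical excerpt of lab_setup/values.yaml (added example, not the repo's file).
# Assumes the falcosecurity/falco chart with the k8saudit + json plugins enabled
# elsewhere in this file, so Falco sees API-server audit events as source k8s_audit.
customRules:
  # Each key is the filename the chart mounts into Falco's rules directory.
  k8s_attack_custom_rules.yaml: |-
    - macro: custom_audit_response_complete
      # Audit webhooks may emit RequestReceived and ResponseComplete for one
      # request; alert once, on the stage that carries the response code.
      condition: (jevt.value[/stage]="ResponseComplete")

    - macro: custom_response_successful
      # HTTP 2xx: the API server actually served the request.
      condition: (ka.response.code startswith 2)

    - macro: custom_anonymous_health_probe
      # Unauthenticated reads of these paths are normal in most clusters;
      # adjust this list (an assumption made here) to your environment.
      condition: >-
        (ka.uri startswith "/healthz" or ka.uri startswith "/readyz"
         or ka.uri startswith "/livez" or ka.uri startswith "/version")

    - rule: Anonymous Request to Kubernetes API
      desc: >-
        A request reached the API server without credentials. Anonymous auth is
        on by default and RBAC usually denies it, so a 403 shows probing and a
        2xx shows something is actually exposed to system:anonymous.
      condition: >-
        custom_audit_response_complete
        and ka.user.name="system:anonymous"
        and not custom_anonymous_health_probe
      output: >-
        Anonymous request to Kubernetes API
        (user=%ka.user.name verb=%ka.verb uri=%ka.uri
        resource=%ka.target.resource namespace=%ka.target.namespace
        response=%ka.response.code)
      priority: WARNING
      source: k8s_audit
      tags: [k8s, anonymous, reconnaissance]

    - rule: Cluster-admin Bound to Subject
      desc: >-
        A ClusterRoleBinding that grants cluster-admin was created or modified
        and the API server accepted it. Expected at bootstrap; afterwards a
        classic privilege-escalation and persistence step.
      condition: >-
        custom_audit_response_complete
        and custom_response_successful
        and ka.target.resource=clusterrolebindings
        and ka.verb in (create, update, patch)
        and ka.req.binding.role=cluster-admin
      output: >-
        cluster-admin bound via ClusterRoleBinding
        (user=%ka.user.name verb=%ka.verb binding=%ka.target.name
        subjects=%ka.req.binding.subjects response=%ka.response.code)
      priority: CRITICAL
      source: k8s_audit
      tags: [k8s, rbac, privilege-escalation]
```

Apply it with `helm upgrade --install falco falcosecurity/falco -n falco -f lab_setup/values.yaml` (release and namespace names are assumptions; follow the repository's own Helm instructions where they differ). To confirm the first rule fires without the repository's scripts, an unauthenticated `curl -sk https://<api-server>:6443/api/v1/namespaces` from any host that can reach the API server produces an anonymous request on a non-probe path, so the rule alerts even though the server answers 403. Both rules only evaluate once the audit policy in use records these requests at the `ResponseComplete` stage at Metadata level or above, which is worth checking before trusting a silent Falco.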
The repository is built for usability: the rules are readable and auditable, and can be tuned for different environments. Because it ships scripts that deliberately trigger each detection, users can check that a rule fires for the attack it targets rather than assuming coverage. This kind of hands-on validation is valuable for organizations working to improve their Kubernetes security posture.