docs(proposals): introduce on host anomaly detection framework

[incertum]

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

/kind release

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area build

/area engine

/area tests

/area proposals

/area CI

What this PR does / why we need it:

Formalize an On Host Anomaly Detection Framework.
@falcosecurity/core-maintainers

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

new(proposals): introduce on host anomaly detection framework

[mstemm]

I just discovered this issue and would love to hear more about it. Will it be discussed during some community meeting?

[incertum]

@mstemm awesome!

Could offer talking about it during next week's community call (Aug 30, 2023) or in October (Oct 4, 2023)? Would next week for example work for you?

[mstemm]

@mstemm awesome!

Could offer talking about it during next week's community call (Aug 30, 2023) or in October (Oct 4, 2023)? Would next week for example work for you?

Sure, I can attend the Aug 30th meeting. See you then.

[incertum]

Tentatively, let's gather additional feedback from the community during our weekly community call on either January 10 or January 17, 2024.

By then, I should have explored a possible plugin integration in more detail and prepared a tentative configuration UX outline.

[incertum]

Started the plugin dev, should have a wip up next week and directly noticed we typically prefix the .so output with lib, plus simply anomalydetection would be less ambiguous and more a more generic/fitting name.

[incertum]

Please note that this PR has been open for 8 months now without receiving any review whatsoever. It even appears unprecedented to back up such an important proposal through public talks and serious community call engagement. What needs to happen to move this proposal forward?

[cpanato]

I did not see this pr before, sorry
Reading that it makes sense to me.

/lgtm
/assign @leogr

[poiana]

LGTM label has been added.

Git tree hash: 1cb36c1680c3b1525fb60459b8230086f1c3c6bf

[leogr]

I apologize for the delay. I thought this had already been approved during the last core maintainer meeting.

Anyway, the proposal is ok for me, so I am approving.

/milestone 0.38.0

[jasondellaluce]

/approve

Looking forward to seeing this happen! Great value proposition as always, thanks @incertum!

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cpanato, incertum, jasondellaluce, leogr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [incertum,jasondellaluce,leogr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment