Falco Cloud Native Runtime Security
www.falco.org
2
Leaving SiteNav
External Link Disclaimer
You are about to visit www.falco.org. This website is not operated by us. We are not responsible for its content or privacy practices.
About this website
Falco is a CNCF graduated open source cloud native runtime security project that provides real-time threat detection for containers, Kubernetes, and cloud infrastructure. Originally created by Sysdig in 2016 and contributed to the CNCF in 2018, Falco achieved graduated status in 2024, joining Kubernetes, Prometheus, Envoy, and Istio as one of the most mature projects in the cloud native ecosystem. The tool uses eBPF (extended Berkeley Packet Filter) technology to tap into Linux kernel system calls at runtime, enabling it to detect anomalous behavior, security threats, and policy violations without requiring application code changes or instrumentation. Falco ships with over 100 default detection rules covering common attack patterns including shell execution inside containers, unauthorized file access, network connections to suspicious destinations, privilege escalation attempts, and Kubernetes audit event anomalies. Custom rules can be written using a flexible YAML-based rule language that supports conditions on process names, user IDs, file paths, network connections, container metadata, and Kubernetes API events. Output can be sent to multiple channels including stdout, syslog, file, HTTP endpoints, Slack, NATS, and Kafka. Falco is trusted by organizations including Shopify, GitLab, Booz Allen Hamilton, Vinted, and Skyscanner for production runtime security monitoring.
Tags & Categories
Categories
Tags
Statistics
2
Views
0
Clicks
0
Like
0
Dislike