Enterprise detection rules for open source Falco users

Falco Feeds
by Sysdig

Get fully managed rules – without giving up your current Falco setup

Tuning Falco rules is time consuming

Evolving threats are relentless

You need real-time security to move at cloud speed

Curating effective security rules is complex and time consuming

Security and DevOps teams lack the deep expertise in kernel operations and system calls to craft effective security rules.

Default rules are not ready for the evolving threat landscape

Out-of-the-box Falco rules must be tuned and validated to accurately detect insecure behavior and evolving security threats.

Falco is deeply integrated into security practices and can’t be replaced

Adopting a managed, proprietary solution usually means sacrificing flexibility and control that teams get with open-source tools like Falco Talon and Falcosidekick.

With Falco Feeds, you don’t have to leave your open source tools behind

Simplify rule creation and management

Enterprise Falco rules can be quickly adopted without extensive maintenance or downtime in your production environment.

Get continuously updated rules from our security researchers

The Sysdig Threat Research Team frequently provides timely and effective rule updates for critical CVEs. Sysdig delivers these updates directly to Falco Feeds, so you always have the latest defenses in place.

Keep your existing Falco, Falcosidekick, and Falco Talon setup

Falco Feeds gives you the best of both worlds: the power and flexibility of open source tools like Falcosidekick and Falco Talon with the benefit of managed detection rules. There’s no need to overhaul your existing infrastructure.

Open source security at enterprise scale

  • Sysdig threat research is a force multiplier

    Our research team continuously monitors emerging threats and provides timely rule updates for critical vulnerabilities. Sysdig delivers them directly into Falco Feeds, so you don’t have to keep up with every emerging threat.

  • Stay on top of evolving regulatory requirements and streamline audits

    Falco Feeds has comprehensive coverage across the MITRE ATT&CK framework for Linux workloads and hosts, helping you maintain a high security standard across your cloud environments.

  • Reduce maintenance work for teams who rely on open source security

    Automated rule distribution eliminates the need for manual updates or custom rule deployment across each Falco endpoint. Falco Feeds is tested and tuned to mitigate challenges like false positives, so you can swiftly adopt it without disruptions to your production environment.

“Sysdig customers benefit from community contributions, just as Falco users benefit from Sysdig’s contributions to Falco. The fact that Sysdig extends Falco was really enticing to us. With Sysdig, we knew we were getting the best tool integrated with Falco.”
Security Engineer at BlaBlaCar

See how Falco can scale

Falco Feeds gives the open source community access to continuously updated rules crafted by security experts