Falco.

Open Source Container Native Runtime Security.
A CNCF Sandbox project.

What it Does

Visibility into the behavior of your containers & applications.

Define what activity is considered normal for your containerized applications & be notified when an application deviates.

Avoid common container anti-patterns with a predefined rule set.

Extend the rule set for your specific container security requirements using Sysdig's powerful system level filtering language.

Notify other systems or humans of abnormal behavior.

Trigger a variety of systems when abnormal behavior is detected from logging systems, messaging platforms, pub/sub providers, or Serverless functions.

Falco is a behavioral activity monitor designed to detect anomalous activity in your applications, containers, and Cloud Native platforms.

Powered by Sysdig’s kernel level observability, Falco lets you continuously monitor container, application, host, and network activity, alerting on behavior that’s defined as abnormal.

Container Visibility

Rich Rule Set

Take Action

Key Features

Kubernetes aware

Build rules specific to your Kubernetes clusters to enforce policy across all your containers & microservices.

Container-native

Runtime Security built for containers. Built from the ground up to natively support container runtimes.

See everything

Complete container visibility through a single daemon. Easily build rules and get informed immediately.

Designed for us

Designed with a easy to learn rule set, Falco makes your entire team productive in minutes.

Adaptive

Custom rules to allow you to adapt Falco to enforce your organization's container security policy.

Downloads + Resources.

Get started today.

Sysdig Monitor

Project website

Learn more at the project's website.

Falco.org
Sysdig Monitor

Contribute

Jump over to our GitHub page to contribute to our open source ecosystem.

Falco Github
Sysdig Monitor

Download

Get started with our Falco Installation Guides.

Sysdig Falco Install Guide
Sysdig Monitor

Documentation

Visit our wiki where you can find information on installing Falco.

Falco Wiki
Sysdig Monitor

Archived Webinar

Kubernetes Open-Source Security: Falco + NATS + kubeless demo.

Join us to learn about container runtime security, and how to secure your container runtime environment with Falco and Kubeless.…

- Hosted by Michael Ducy

Watch webinar on-demand
Sysdig Monitor

Archived Webinar

Container Runtime Security with Sysdig Falco.

While there have been many improvements around securing containers, there is still a large gap in monitoring the behavior of…

- Hosted by Michael Ducy, Director of Community and Evangelism, Sysdig

Watch webinar on-demand

Stay up to date

Sign up for our newsletter to receive updates.

Sysdig Monitor

Find out the Latest

Falco 0.10.0 released.

We are happy to announce the release of Falco 0.10.0. This release incorporates a number of improvements focused on making…

Want more power?

Like the power Falco gives you? Check out Sysdig Secure, a services-aware approach to run-time security and forensics.

Get Started