Falco

Open Source Container Runtime Security

What it Does

Falco Rule Violations
Writing a Falco Rule.
Kubernetes Deployed Falco Sending Notifications to Slack

Deep Container Visibility

Gain visibility into the behavior of your containers and applications down to the finest detail such as system, network, and file activity.

Rich Rule Set

Avoid common container anti-patterns with a predefined rule set. Extend the rule set for your specific container security requirements.

Take Action

When containers don't behave as expected, Falco can take action. Kill a container, send an alert, notify a 3rd party, and more.

Key Features

Troubleshoot

Kubernetes Aware

Build rules specific to your Kubernetes clusters to enforce policy across all your containers & microservices.

APIs

Container-native

Runtime Security built for containers. Built from the ground up to natively support container runtimes.

Alerts

See Everything

Complete container visibility through a single daemon. Easily build rules and get informed immediately.

Designed for the rest of us

Designed For Us

Designed with a easy to learn rule set, Sysdig Falco makes your entire team productive in minutes.

Teams

Adaptive

Custom rules to allow you to adapt Sysdig Falco to enforce your organization's container security policy.

Integrations

Docker
Platform
Kubernetes
Platform
Mesos
Platform
slack
Communication

Downloads & Resources

Get started today, contribute to the open source project, & learn more.

Alerts

Contribute

Views

Downloads

Teams

Documentation

Want More Power?

Like the power Sysdig Falco gives you? Check out Sysdig Secure, a services-aware approach to run-time security and forensics.

Learn More
Sysdig Secure