What it Does
Visibility into the behavior of your containers & applications.
Define what activity is considered normal for your containerized applications & be notified when an application deviates.
Avoid common container anti-patterns with a predefined rule set.
Extend the rule set for your specific container security requirements using Sysdig's powerful system level filtering language.
Notify other systems or humans of abnormal behavior.
Trigger a variety of systems when abnormal behavior is detected from logging systems, messaging platforms, pub/sub providers, or Serverless functions.
Falco is a behavioral activity monitor designed to detect anomalous activity in your applications, containers, and Cloud Native platforms.
Powered by Sysdig’s kernel level observability, Falco lets you continuously monitor container, application, host, and network activity, alerting on behavior that’s defined as abnormal.
Rich Rule Set
Build rules specific to your Kubernetes clusters to enforce policy across all your containers & microservices.
Runtime Security built for containers. Built from the ground up to natively support container runtimes.
Complete container visibility through a single daemon. Easily build rules and get informed immediately.
Designed for us
Designed with a easy to learn rule set, Falco makes your entire team productive in minutes.
Custom rules to allow you to adapt Falco to enforce your organization's container security policy.
Downloads + Resources.
Get started today.
Learn more at the project's website.
Jump over to our GitHub page to contribute to our open source ecosystem.
Get started with our Falco Installation Guides.
Visit our wiki where you can find information on installing Falco.
Kubernetes Open-Source Security: Falco + NATS + kubeless demo.
Join us to learn about container runtime security, and how to secure your container runtime environment with Falco and Kubeless.…
- Hosted by Michael DucyWatch webinar on-demand
Container Runtime Security with Sysdig Falco.
While there have been many improvements around securing containers, there is still a large gap in monitoring the behavior of…
- Hosted by Michael Ducy, Director of Community and Evangelism, SysdigWatch webinar on-demand
Stay up to date
Sign up for our newsletter to receive updates.
Find out the Latest
Falco 0.10.0 released.
We are happy to announce the release of Falco 0.10.0. This release incorporates a number of improvements focused on making…
Want more power?
Like the power Falco gives you? Check out Sysdig Secure, a services-aware approach to run-time security and forensics.