Threat Detection Built on Falco

Falco is the open source standard for real-time detection of threats and anomalies across containers, Kubernetes, and cloud services.

“Practical Cloud Native Security with Falco” eBook

How Sysdig Contributes to the Open Source Security Community

Sysdig has contributed Falco, the Sysdig kernel module, eBPF probe, and libraries to the CNCF. Sysdig’s open source engineering team not only contributes to Falco but to other projects as well. You can find the source code of these components in the Falco organization, hosted in the Falco security GitHub repository.

Falco open source security

Read More About Our Contribution to the CNCF

Get Started with Falco Today

Learn More

Get an overview of how Falco works at the project website.

Explore Now

Use Falco

Learn how to create a Kubernetes response engine with Falco.

Read Blog Posts

Get Involved

Check out the GitHub repository and contribute to Falco.

Contribute

Stay Connected With Falco

Github listing
Slack channel
Mailing list
Calendar invite to community calls
Community call replays
Twitter

Security from Source to Run for Containers, Kubernetes, and Clouds

Supercharge Falco with Sysdig Secure

The Falco open source cloud, Kubernetes, and container security tool is the detection engine for Sysdig Secure. If you like Falco, you’ll love Secure.

Detect with Tested Rules Plus ML

Layer your defense with rules curated by the Sysdig threat research team and ML detection.

Easily Scale Falco As You Grow

Automatically tune rules, define rule sets by team, and manage multiple Falco instances.

Validate Compliance

Simplify compliance audits with rules mapped to standards like NIST, SOC2, GDPR, and PCI.

Sysdig Created Falco

The Falco open source container, Kubernetes, and cloud security tool was created by Sysdig and contributed to the CNCF. Falco is the cloud-native standard for threat and anomaly detection.

Falco and Sysdig Secure Feature Comparison

Sysdig Secure extends Falco so that you can efficiently scale security for containers, Kubernetes, and cloud services.

Falco
Sysdig Secure
Open Source Based Agent
THREAT DETECTION
Event Sources: Linux System Calls, Kubernetes Audit Logs, and Cloud Activity Logs
Alert Outputs
Via Sidekick
Event forwarding
Customizable Policies
Learning Mode to Automatically Tune Rules
Automated Policy Suggestions Based on Application/Workload Profiling
Kubernetes Network Security
ADDITIONAL CAPABILITIES
Out-of-the-box Compliance Policies
Vulnerability Management 
(Image & Host scanning)
Cloud Security Posture Management
Infrastructure-as-Code Security
Incident Response
Enterprise-Grade Support and Scalability (Centralized Rule Management, Simple Policy Editor, Professional Services)