Falco

falco.org

Detect security threats in real time across cloud native environments

Visit
Falco screenshot
/ About /

Falco is an open-source, cloud-native runtime security tool that monitors hosts, containers, Kubernetes, and cloud environments for security threats. It uses eBPF to tap into Linux kernel events and a flexible rules engine to detect abnormal behavior, configuration changes, and compliance violations in real time. Alerts can be forwarded to over 50 third-party SIEM and data lake systems for analysis and response.

/ How it works /

Falco uses eBPF to monitor Linux kernel events and applies customizable rules to detect suspicious activity, enriching events with contextual metadata and streaming alerts to downstream systems.

/ Who it's for /

DevOps engineers, platform engineers, and security teams running cloud-native or containerized workloads

/ More info /

Background.

Status
launched
Business model
open-source
Company
CNCF (Cloud Native Computing Foundation)
/ Discovered patterns /

Similar projects.

Coming soonSpektrail’s read on Security

Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.

Coming soon

Have a take on this space?

Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.