Falco
Falco is a cloud-native security tool designed for Linux systems. It employs custom rules on kernel events, which are enriched with container and Kubernetes metadata, to provide real-time alerts. Falco helps you gain visibility into abnormal behavior, potential security threats, and compliance violations, contributing to comprehensive runtime security.
Detect malicious behavior in hosts and containers, no matter what scale, using the power of eBPF.
Stay compliant in cloud-native systems with Falco's intelligent monitoring and rule-based detection.
What makes Falco different?
Cloud Native
Falco detects threats across containers, Kubernetes, hosts and cloud services.
Real Time Detection
Falco provides streaming detection of unexpected behavior, configuration changes, and attacks.
Integration with 50+ Systems
Forward Falco alerts to any off-host SIEM and data lake system for analysis, storage, or reaction.
Last updated
