The Falco Project

Cloud-Native runtime security
Falco, the cloud-native runtime security project, is the de facto Kubernetes threat detection engine

Falco was created by Sysdig in 2016 and is the first runtime security project to join CNCF as an incubation-level project. Falco detects unexpected application behavior and alerts on threats at runtime.

Why Falco?

Strengthen container security

The flexible rules engine allows you to describe any type of host or container behavior or activity.

Reduce risk via immediate alerts

You can immediately respond to policy violation alerts and integrate Falco within your response workflows.

Leverage most current detection rules

Falco out-of-the box rules alert on malicious activity and CVE exploits.

Featured Videos

End-Users


Booz Allen Hamilton
Coveo
Frame.io
GitLab
League
Preferral
Shopify
Sight Machine
Sky Scanner

Vendors


Logz.io
Rancher
Shujinko
Sumo Logic
Sysdig

Integrations


Helm
Kubernetes
Open Policy Agent1
Prometheus
Amazon Web Services
Azure
Datadog
Elastic Search
Google Cloud
IBM Cloud
InfluxDB
Grafana Loki
Opsgenie
Red Hat
Slack
StatsD

We are a CNCF incubated Project