Falco, the cloud-native runtime security project, is the de facto Kubernetes threat detection engine
Falco was created by Sysdig in 2016 and is the first runtime security project to join CNCF as an incubation-level project. Falco detects unexpected application behavior and alerts on threats at runtime.
Falco was created by Sysdig in 2016 and is the first runtime security project to join CNCF as an incubation-level project. Falco detects unexpected application behavior and alerts on threats at runtime.

Why Falco?
Strengthen container security
The flexible rules engine allows you to describe any type of host or container behavior or activity.
Reduce risk via immediate alerts
You can immediately respond to policy violation alerts and integrate Falco within your response workflows.
Leverage most current detection rules
Falco out-of-the box rules alert on malicious activity and CVE exploits.
Featured Videos
We are a CNCF incubated Project