The Falco Project

Cloud-Native runtime security

Falco, the cloud-native runtime security project, is the de facto Kubernetes threat detection engine

Falco was created by Sysdig in 2016 and is the first runtime security project to join CNCF as an incubation-level project. Falco detects unexpected application behavior and alerts on threats at runtime.

Why Falco?

Strengthen container security

The flexible rules engine allows you to describe any type of host or container behavior or activity.

Reduce risk via immediate alerts

You can immediately respond to policy violation alerts and integrate Falco within your response workflows.

Leverage most current detection rules

Falco out-of-the box rules alert on malicious activity and CVE exploits.

Featured Videos

End-Users

Booz Allen Hamilton

Coveo

Frame.io

GitLab

League

Preferral

Shopify

Sight Machine

Sky Scanner

Vendors

Logz.io

Rancher

Shujinko

Sumo Logic

Sysdig

Integrations

Helm

Kubernetes

Open Policy Agent1

Prometheus

Amazon Web Services

Azure

Datadog

Elastic Search

Google Cloud

IBM Cloud

InfluxDB

Grafana Loki

Opsgenie

Red Hat

Slack

StatsD

We are a CNCF incubated Project