You are viewing documentation for Falco version: v0.26.2

Falco v0.26.2 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version



Version 0.36.0
The Falco Project Changelog Falco Examples Getting Started Download Install Running Build Falco from source Third-Party Integrations Configuration Rules Default and Local Rules Files Default Macros Supported Fields for Conditions and Outputs Event Sources Falco Drivers Kubernetes Audit Events Actions For Dropped System Call Events Generating sample events K8s Pod Security Policy (PSP) Support gRPC API Outputs Version Go Client Python Client Falco Alerts Formatting Alerts for Containers and Orchestration

Event Sources

Falco can consume events from different sources, and apply rules to these events to detect abnormal behavior. Currently Falco supports the following event sources:

Table of contents