Falco gives you instant access to a treasure trove of data buried within your system, with one instrumentation point. Easily build rules around process spawning, file access, logs, network activity – your entire system – and get informed immediately.
Designed for the rest of us
Too often, security tools and intrusion detection systems are powerful but too complex for most people to use. Falco is designed to make you productive in minutes.
Adapts to your environment
Augment the base rules to meet your security requirements. Flexible outputs mean you can pipe Falco alerts to a broad collection of other tools and systems.
Secure your containers from the outside. Falco's rules are Docker- and rkt-aware, so you can write container-specific rules.
Create rules and then test them on historical system capture files. Know exactly what you’re going to get, before you go into production!
Falco leverages the sysdig kernel probe, which has been in use for years across hundreds of thousands of hosts.