Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Welcome to the falco wiki!
On this wiki, you can find information about sysdig falco. If this is your first time hearing about falco, we recommend you start with the website.
- About Falco - What falco is and what it can do.
- Install Falco (Linux)
- Install Falco (Containers)
- Details on Falco's Kernel Module
- Compile the Source Code
Running Falco: How to run falco
- Generating Sample Events: How to get a stream of sample events to show that falco is working.
- Falco Default and Local Rules Files: Describing the breakdown between default and local rules.
- Falco Rules: Describing the falco rule format
- Falco Rules - Default Macros: Describing Macros falco ships with that provide useful shortcuts for rule development.
- Falco Configuration: How to configure falco
- Falco Alerts: Describing the alert channels
- Falco Formatting for Containers and Orchestration: Describing output formatting and how it relates to containers/orchestration.
- Falco Examples: Examples of what falco can detect
- Helpful blog posts
- Sysdig User Level Coding Conventions: Falco uses the same coding conventions as sysdig.
Support / Join the Community
- Follow us on Twitter for general falco and sysdig news.
- This is our blog, where you can find the latest falco posts.
- Join our Public Slack channel #falco for falco announcements and discussions.
Like what sysdig is doing? We are hiring.