Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Welcome to the Falco wiki!
On this wiki, you can find information about Falco. If this is your first time hearing about Falco, we recommend you start with the website.
- About Falco - What falco is and what it can do.
- Install Falco (Linux)
- Install Falco (Containers)
- Details on Falco's Kernel Module
- Compile the Source Code
Running Falco: How to run falco
- Generating Sample Events: How to get a stream of sample events to show that falco is working.
- Falco Default and Local Rules Files: Describing the breakdown between default and local rules.
- Falco Rules: Describing the falco rule format
- Falco Rules - Default Macros: Describing Macros falco ships with that provide useful shortcuts for rule development.
- Falco Configuration: How to configure falco
- Falco Alerts: Describing the alert channels
- Falco Formatting for Containers and Orchestration: Describing output formatting and how it relates to containers/orchestration.
- Falco Examples: Examples of what falco can detect
- K8s Audit Event Support: How to Process K8s Audit Events with Falco.
- Helpful blog posts
- Sysdig User Level Coding Conventions: Falco uses the same coding conventions as the sysdig OSS project.
Support / Join the Community
- Join our Public Slack channel #falco for falco announcements and discussions.