Falco website screenshot

Falco

Falco is a cloud-native runtime security tool that detects unexpected application behavior and alerts on threats at runtime using eBPF. It is a CNCF graduated project that continuously monitors Linux kernel syscalls and compares them against configurable security rules to detect intrusions, privilege escalation, and other suspicious behaviors.

3 APIs 0 Features
Cloud NativeeBPFRuntime SecuritySecurityThreat Detection

APIs

Falco HTTP API

REST API served by the Falco web server providing health checks, version information, and rules management endpoints for the Falco runtime security engine.

Falco Plugin API

The Falco Plugin API provides a C ABI interface for developing plugins that extend Falco with new event sources and field extractors. Plugins are shared libraries that implement...

Falco gRPC API

The Falco gRPC API provided a streaming interface for consuming Falco alert outputs and querying version information from a running Falco instance. The embedded gRPC server and ...

Collections

Pricing Plans

Falco Plans Pricing

3 plans

PLANS

Rate Limits

Falco Rate Limits

5 limits

RATE LIMITS

FinOps

Falco Finops

FINOPS

Semantic Vocabularies

Falco Context

5 classes · 28 properties

JSON-LD

Resources

🔗
LinkedIn
LinkedIn
🔗
Website
Website
🔗
Documentation
Documentation
📰
Blog
Blog
🔗
Community
Community
🚀
GettingStarted
GettingStarted
📄
ChangeLog
ChangeLog
👥
GitHubOrganization
GitHubOrganization
👥
GitHubRepository
GitHubRepository
🔗
JSONLD
JSONLD

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: Falco HTTP API
  version: 0.39.0
items:
- info:
    name: Health
    type: folder
  items:
  - info:
      name: Falco Health check
      type: http
    http:
      method: GET
      url: http://localhost:8765/healthz
    docs: Returns the health status of the Falco engine. Returns 200 OK when Falco is running and healthy. Used by orchestrators
      such as Kubernetes for liveness and readiness probes.
- info:
    name: Version
    type: folder
  items:
  - info:
      name: Falco Version information
      type: http
    http:
      method: GET
      url: http://localhost:8765/version
    docs: Returns the version information for the running Falco instance, including the engine version and the version of
      the loaded rules files.
- info:
    name: Rules
    type: folder
  items:
  - info:
      name: Falco List loaded rules
      type: http
    http:
      method: GET
      url: http://localhost:8765/api/v1/rules
    docs: Returns the list of rules currently loaded in the Falco engine, including their names, descriptions, priorities,
      and enabled status.
  - info:
      name: Falco Reload rules
      type: http
    http:
      method: POST
      url: http://localhost:8765/api/v1/rules/reload
    docs: Triggers a reload of the Falco rules files. This allows rules to be updated without restarting the Falco daemon.
bundled: true