Falco rule repository
☆157 · Feb 19, 2026 · Updated last week
Alternatives and similar repositories for rules
Users that are interested in rules are comparing it to the libraries listed below
- libsinsp, libscap, the kernel module driver, and the eBPF driver sources ☆302 · Updated this week
- Prometheus Metrics Exporter for Falco output events ☆121 · Apr 16, 2025 · Updated 10 months ago
- Administrative tooling for Falco ☆121 · Feb 23, 2026 · Updated last week
- Generate a variety of suspect actions that are detected by Falco rulesets ☆116 · Feb 12, 2026 · Updated 2 weeks ago
- Falco plugins SDK for Rust ☆12 · Feb 20, 2026 · Updated last week
- Demo repository for running eBPF in GitHub Actions ☆23 · Mar 27, 2025 · Updated 11 months ago
- Community managed Helm charts for running Falco with Kubernetes ☆287 · Updated this week
- Connect Falco to your ecosystem ☆651 · Updated this week
- Response Engine for managing threats in your Kubernetes ☆190 · Nov 20, 2025 · Updated 3 months ago
- Research on various techniques to bypass default falco ruleset (based on falco v0.28.1). ☆88 · Jan 28, 2024 · Updated 2 years ago
- Fetches the metadata from kubernetes API server and dispatches them to Falco instances ☆21 · Feb 17, 2026 · Updated last week
- A simple WebUI with latest events from Falco ☆135 · Dec 12, 2025 · Updated 2 months ago
- ☆17 · Jul 17, 2024 · Updated last year
- Kit for building Falco drivers: kernel modules or eBPF probes ☆69 · Feb 16, 2026 · Updated last week
- Go Damn Vulnerable Web App ☆24 · Jul 16, 2024 · Updated last year
- Simplified go-cat agent for caldera ☆11 · Dec 18, 2023 · Updated 2 years ago
- A crawler for kernel releases distributed by the major Linux distributions. ☆13 · Oct 18, 2024 · Updated last year
- A CLI tool for OpenNMS ☆11 · Oct 14, 2024 · Updated last year
- Terraform Azure Verified Resource Module for Cognitive Service ☆13 · Jan 23, 2026 · Updated last month
- ☆12 · Jul 8, 2023 · Updated 2 years ago
- Kilt is a project that defines how to inject foreign apps into containers ☆13 · Dec 15, 2023 · Updated 2 years ago
- [EXPERIMENTAL] This project is a PoC for a WebAssembly (Wasm) based OpenTelemetry Collector plugins. ☆22 · Feb 18, 2026 · Updated last week
- Evolution process of The Falco Project ☆60 · Updated this week
- suidsnoop is a tool based on eBPF LSM programs that logs whenever a suid binary is executed and implements custom allow/deny lists. ☆16 · Oct 31, 2021 · Updated 4 years ago
- Detect intrusions that happened in your Kubernetes cluster through audit logs using Falco ☆63 · Jun 2, 2021 · Updated 4 years ago
- Reconnaissance test in Kubernetes clusters ☆21 · Oct 19, 2018 · Updated 7 years ago
- ☆15 · Dec 23, 2020 · Updated 5 years ago
- Use Clair as a plug-in vulnerability scanner in the Harbor registry ☆36 · Dec 5, 2025 · Updated 2 months ago
- Fluent input plugin for MySQL slow query log file. ☆23 · Dec 22, 2018 · Updated 7 years ago
- Linux Runtime Security and Forensics using eBPF ☆4,388 · Feb 18, 2026 · Updated last week
- Dockerfiles for cilium-runtime and cilium-builder dependencies ☆25 · Updated this week
- Nginx Multi Cluster Ingress Controller (based on kubernetes/ingress-nginx@v1.1.1) ☆20 · Feb 28, 2024 · Updated 2 years ago
- ☆86 · Updated this week
- Sublime rules for email attack detection, prevention, and threat hunting. ☆348 · Updated this week
- A convenience tool to generate and store certificates for Hubble Relay mTLS ☆28 · Updated this week
- Falco plugins SDK for Go ☆26 · Jan 29, 2026 · Updated last month
- parody of some of the basic python core features (collections package) ☆18 · Mar 22, 2022 · Updated 3 years ago
- The high-level/low-level implementation of Linux Fanotify. ☆23 · Nov 11, 2025 · Updated 3 months ago
- Tool for building Kubernetes attack paths ☆942 · Feb 13, 2026 · Updated 2 weeks ago