Falco rule repository
☆157Mar 10, 2026Updated last week
Alternatives and similar repositories for rules
Users that are interested in rules are comparing it to the libraries listed below
Sorting:
- libsinsp, libscap, the kernel module driver, and the eBPF driver sources☆302Updated this week
- Falco plugins registry☆114Updated this week
- Administrative tooling for Falco☆122Updated this week
- A crawler for kernel releases distributed by the major Linux distributions.☆13Oct 18, 2024Updated last year
- Falco plugins SDK for Rust☆12Mar 2, 2026Updated 2 weeks ago
- Generate a variety of suspect actions that are detected by Falco rulesets☆117Feb 12, 2026Updated last month
- Prometheus Metrics Exporter for Falco output events☆121Apr 16, 2025Updated 11 months ago
- Response Engine for managing threats in your Kubernetes☆191Nov 20, 2025Updated 4 months ago
- Curating Falco rules with MITRE ATT&CK Matrix☆88Mar 7, 2024Updated 2 years ago
- A tool to crawl Linux kernel versions☆25Mar 9, 2026Updated last week
- Cloud Native Runtime Security☆8,743Updated this week
- Connect Falco to your ecosystem☆653Updated this week
- Fetches the metadata from kubernetes API server and dispatches them to Falco instances☆21Mar 10, 2026Updated last week
- Demo repository for running eBPF in GitHub Actions☆23Mar 27, 2025Updated 11 months ago
- ☆12Jul 8, 2023Updated 2 years ago
- Kit for building Falco drivers: kernel modules or eBPF probes☆69Mar 9, 2026Updated last week
- Falco workflow & testing infrastructure☆33Updated this week
- suidsnoop is a tool based on eBPF LSM programs that logs whenever a suid binary is executed and implements custom allow/deny lists.☆16Oct 31, 2021Updated 4 years ago
- 内存加载执行golang elf二进制文件☆29Dec 22, 2021Updated 4 years ago
- Send GKE audit events to falco☆12Jan 8, 2023Updated 3 years ago
- The high-level/low-level implementation of Linux Fanotify.☆24Nov 11, 2025Updated 4 months ago
- Nginx Multi Cluster Ingress Controller (based on kubernetes/ingress-nginx@v1.1.1)☆20Feb 28, 2024Updated 2 years ago
- Detect intrusions that happened in your Kubernetes cluster through audit logs using Falco☆63Jun 2, 2021Updated 4 years ago
- the ps utility, with an eBPF twist and container context☆294Jan 16, 2026Updated 2 months ago
- Detecting Cobalt Strike Team Servers on targets through traffic telemetry.☆22Aug 13, 2024Updated last year
- ☆11Jan 13, 2024Updated 2 years ago
- Linux Runtime Security and Forensics using eBPF☆4,427Updated this week
- eBPF-based Security Observability and Runtime Enforcement☆4,476Mar 14, 2026Updated last week
- Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.☆215Updated this week
- A Kubernetes Operator for Lakekeeper (WIP)☆16Nov 17, 2025Updated 4 months ago
- Demonstrating how you can take an action to your intrusions detected by Falco using OpenFaaS functions☆26Mar 24, 2021Updated 4 years ago
- Use Clair as a plug-in vulnerability scanner in the Harbor registry☆36Dec 5, 2025Updated 3 months ago
- Example program using eBPF to log data being based in using shell pipes☆41Feb 15, 2021Updated 5 years ago
- Simplified go-cat agent for caldera☆11Dec 18, 2023Updated 2 years ago
- Evolution process of The Falco Project☆60Updated this week
- A tool for in-depth analysis of container checkpoints☆142Updated this week
- A collection of malicious tools I wrote when playing black team for an invitational CCDC competition☆23Mar 12, 2015Updated 11 years ago
- Yara rules for detecting malware☆23Sep 9, 2025Updated 6 months ago
- The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously…☆227May 26, 2025Updated 9 months ago