Falco Has a Free API: Runtime Security and Threat Detection for Kubernetes

via Dev.to DevOps, by Alex Spinov

Falco is an open-source runtime security tool that detects unexpected application behavior and alerts on threats in real time. It uses eBPF to monitor system calls at the kernel level without modifying your applications.

What Is Falco?

Falco is a CNCF graduated project created by Sysdig. It monitors Linux system calls and alerts when suspicious activity occurs, like a container spawning a shell, reading sensitive files, or making unexpected network connections.

Key Features:

- eBPF-based kernel monitoring
- 100+ built-in security rules
- Custom rule engine (YAML)
- Kubernetes audit log support
- Multiple output channels (Slack, webhook, syslog)
- Falcosidekick for alert routing
- gRPC and REST API
- Plugin system

Installation

    # Kubernetes via Helm
    helm repo add falcosecurity https://falcosecurity.github.io/charts
    helm install falco falcosecurity/falco -n falco --create-namespace \
      --set driver.kind=ebpf \
      --set falcosidekick.enabled=true

    # Or Docker
    docker run -d --name falco --privileged \
      -v /v
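The custom rule engine (YAML) listed under Key Features, shown for the "container spawning a shell" case. This is an added example, not taken from the original article or from Falco's shipped rules. It assumes the default ruleset is loaded first so that its `spawned_process` and `container` macros resolve; every name prefixed `example_`, the rule name, and the image name are hypothetical.

```yaml
# Added example: a custom Falco rules file, loaded after the default ruleset.
# Assumption: the macros spawned_process and container come from the default rules.
# All example_* names and the image below are hypothetical placeholders.

- list: example_shell_binaries
  items: [sh, bash, dash, zsh, ksh, ash]

# Images where an interactive shell is expected (constructed placeholder value).
- list: example_debug_images
  items: [registry.example.internal/debug-toolbox]

- macro: example_allowed_shell_image
  condition: (container.image.repository in (example_debug_images))

- rule: Example Interactive Shell in Container
  desc: >
    A shell attached to a terminal was started inside a container whose
    image is not on the allowlist.
  # proc.tty != 0 limits the rule to shells with a terminal attached, so
  # entrypoint scripts that run "sh -c ..." do not raise an alert each time.
  condition: >
    spawned_process
    and container
    and proc.name in (example_shell_binaries)
    and proc.tty != 0
    and not example_allowed_shell_image
  output: >
    Interactive shell in container
    (user=%user.name shell=%proc.name parent=%proc.pname
    cmdline=%proc.cmdline container=%container.name
    image=%container.image.repository
    k8s_ns=%k8s.ns.name k8s_pod=%k8s.pod.name)
  priority: WARNING
  tags: [container, shell, example]
```

Keeping the allowlist in its own list means an exception for a new debug image is a one-line change that can be reviewed without touching the rule condition.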
