Registered Plugins

List of officially registered plugins

You can find below the officially registered plugins, more details on https://github.com/falcosecurity/plugins.

IDPluginTypeSourceDescriptionAuthorsURLRules URLLicence
1k8sauditsourcingk8s_auditRead Kubernetes Audit Events and monitor Kubernetes ClustersThe Falco Authors🔗🔗Apache-2.0
2cloudtrailsourcingaws_cloudtrailReads Cloudtrail JSON logs from files/S3 and injects as eventsThe Falco Authors🔗🔗Apache-2.0
-jsonextractionExtract values from any JSON payloadThe Falco Authors🔗Apache-2.0
3dummysourcingdummyReference plugin used to document interfaceThe Falco Authors🔗Apache-2.0
4dummy_csourcingdummy_cLike dummy, but written in C++The Falco Authors🔗Apache-2.0
5dockersourcingdockerDocker EventsThomas Labarussias🔗🔗Apache-2.0
6seccompagentsourcingseccompagentSeccomp Agent EventsAlban Crequy🔗Apache-2.0
7oktasourcingoktaOkta Log EventsThe Falco Authors🔗🔗Apache-2.0
8githubsourcinggithubGithub Webhook EventsThe Falco Authors🔗🔗Apache-2.0
9k8saudit-ekssourcingk8s_auditRead Kubernetes Audit Events from AWS EKS ClustersThe Falco Authors🔗🔗Apache-2.0
10nomadsourcingnomadRead Hashicorp Nomad Events StreamAlberto Llamas🔗🔗Apache-2.0
11dnscollectorsourcingdnscollectorDNS Collector EventsDaniel Moloney🔗🔗Apache-2.0
12gcpauditsourcinggcp_auditlogRead GCP Audit LogsThe Falco Authors🔗🔗Apache-2.0
13syslogsrvsourcingsyslogsrvSyslog Server EventsMaksim Nabokikh🔗🔗Apache-2.0
14salesforcesourcingsalesforceFalco plugin providing basic runtime threat detection and auditing logging for SalesforceAndy🔗🔗Apache-2.0
15boxsourcingboxFalco plugin providing basic runtime threat detection and auditing logging for BoxAndy🔗🔗Apache-2.0
-k8smetaextractionEnriche Falco syscall flow with Kubernetes MetadataThe Falco Authors🔗Apache-2.0
16k8saudit-gkesourcingk8s_auditRead Kubernetes Audit Events from GKE ClustersThe Falco Authors🔗🔗Apache-2.0
17journaldsourcingjournalRead Journald events into FalcoGrzegorz Nosek🔗Apache-2.0
18kafkasourcingkafkaRead events from Kafka topics into FalcoHunter Madison🔗🔗Apache-2.0
19gitlabsourcinggitlabFalco plugin providing basic runtime threat detection and auditing logging for GitLabAndy🔗🔗Apache-2.0
20keycloaksourcingkeycloakFalco plugin for sourcing and extracting Keycloak user/admin eventsMattia Forcellese🔗🔗Apache-2.0
21k8saudit-akssourcingk8s_auditRead Kubernetes Audit Events from AWS AKS ClustersThe Falco Authors🔗🔗Apache-2.0
22k8saudit-ovhsourcingk8s_auditRead Kubernetes Audit Events from OVHcloud MKS ClustersAurélie Vache🔗🔗Apache-2.0