Registered Plugins
List of officially registered plugins
You can find below the officially registered plugins, more details on https://github.com/falcosecurity/plugins.
ID | Plugin | Type | Source | Description | Authors | URL | Rules URL | Licence |
---|---|---|---|---|---|---|---|---|
1 | k8saudit | sourcing | k8s_audit | Read Kubernetes Audit Events and monitor Kubernetes Clusters | The Falco Authors | 🔗 | 🔗 | Apache-2.0 |
2 | cloudtrail | sourcing | aws_cloudtrail | Reads Cloudtrail JSON logs from files/S3 and injects as events | The Falco Authors | 🔗 | 🔗 | Apache-2.0 |
- | json | extraction | Extract values from any JSON payload | The Falco Authors | 🔗 | Apache-2.0 | ||
3 | dummy | sourcing | dummy | Reference plugin used to document interface | The Falco Authors | 🔗 | Apache-2.0 | |
4 | dummy_c | sourcing | dummy_c | Like dummy, but written in C++ | The Falco Authors | 🔗 | Apache-2.0 | |
5 | docker | sourcing | docker | Docker Events | Thomas Labarussias | 🔗 | 🔗 | Apache-2.0 |
6 | seccompagent | sourcing | seccompagent | Seccomp Agent Events | Alban Crequy | 🔗 | Apache-2.0 | |
7 | okta | sourcing | okta | Okta Log Events | The Falco Authors | 🔗 | 🔗 | Apache-2.0 |
8 | github | sourcing | github | Github Webhook Events | The Falco Authors | 🔗 | 🔗 | Apache-2.0 |
9 | k8saudit-eks | sourcing | k8s_audit | Read Kubernetes Audit Events from AWS EKS Clusters | The Falco Authors | 🔗 | 🔗 | Apache-2.0 |
10 | nomad | sourcing | nomad | Read Hashicorp Nomad Events Stream | Alberto Llamas | 🔗 | 🔗 | Apache-2.0 |
11 | dnscollector | sourcing | dnscollector | DNS Collector Events | Daniel Moloney | 🔗 | 🔗 | Apache-2.0 |
12 | gcpaudit | sourcing | gcp_auditlog | Read GCP Audit Logs | The Falco Authors | 🔗 | 🔗 | Apache-2.0 |
13 | syslogsrv | sourcing | syslogsrv | Syslog Server Events | Maksim Nabokikh | 🔗 | 🔗 | Apache-2.0 |
14 | salesforce | sourcing | salesforce | Falco plugin providing basic runtime threat detection and auditing logging for Salesforce | Andy | 🔗 | 🔗 | Apache-2.0 |
15 | box | sourcing | box | Falco plugin providing basic runtime threat detection and auditing logging for Box | Andy | 🔗 | 🔗 | Apache-2.0 |
- | k8smeta | extraction | Enriche Falco syscall flow with Kubernetes Metadata | The Falco Authors | 🔗 | Apache-2.0 | ||
16 | k8saudit-gke | sourcing | k8s_audit | Read Kubernetes Audit Events from GKE Clusters | The Falco Authors | 🔗 | 🔗 | Apache-2.0 |
17 | journald | sourcing | journal | Read Journald events into Falco | Grzegorz Nosek | 🔗 | Apache-2.0 | |
18 | kafka | sourcing | kafka | Read events from Kafka topics into Falco | Hunter Madison | 🔗 | 🔗 | Apache-2.0 |
19 | gitlab | sourcing | gitlab | Falco plugin providing basic runtime threat detection and auditing logging for GitLab | Andy | 🔗 | 🔗 | Apache-2.0 |
20 | keycloak | sourcing | keycloak | Falco plugin for sourcing and extracting Keycloak user/admin events | Mattia Forcellese | 🔗 | 🔗 | Apache-2.0 |
21 | k8saudit-aks | sourcing | k8s_audit | Read Kubernetes Audit Events from AWS AKS Clusters | The Falco Authors | 🔗 | 🔗 | Apache-2.0 |
22 | k8saudit-ovh | sourcing | k8s_audit | Read Kubernetes Audit Events from OVHcloud MKS Clusters | Aurélie Vache | 🔗 | 🔗 | Apache-2.0 |
Was this page helpful?
Let us know! You feedback will help us to improve the content and to stay in touch with our users.
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified Dec 17, 2024: update(content): move "plugins" under "concepts" (56b61a9)