Getting Started
Getting started with Falco
Falco is a cloud native security tool. It provides near real-time threat detection for cloud, container, and Kubernetes workloads by leveraging runtime insights. Falco can monitor events defined via customizable rules from various sources, including the Linux kernel, and enrich them with metadata from the Kubernetes API server, container runtime, and more. Falco supports a wide range of kernel versions, x86_64 and ARM64 architectures, and many different output channels.
Try it now
Get started on your Linux host or Kubernetes cluster.
Try Falco with Docker
Try Falco on Kubernetes
Try Falco on Ubuntu
Was this page helpful?
Let us know! You feedback will help us to improve the content and to stay in touch with our users.
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified Oct 30, 2024: docs: enhancing Falco main messaging (9d7c449)
