The Falco libraries and Falco itself can be extended by using Plugins. Plugins are shared libraries that conform to a documented API, hooking into the core functionalities of Falco to allow things such as:
- Adding new event sources that can be evaluated using filtering expressions/Falco rules.
- Adding the ability to define new fields that can extract information from events.
- Parsing the content of all the events captured in a data stream.
- Injecting events asynchronously in a given data stream.
This section describes how plugins fit into the existing event processing pipeline and how to enable/configure plugins in Falco.
Plugins Architecture Concepts
Learn the basic concepts of the Plugin Architecture
Falco Plugins Developers Guide
Start writing your own Falco plugins
How Falco Uses Plugins
Plugins for Falco libraries/Falco daemon
Where's the Code
Find out about the included plugins in Falco and the Plugins SDK
List of officially registered plugins
Was this page helpful?
Let us know! You feedback will help us to improve the content and to stay in touch with our users.
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.