Event Sources
Falco can consume events from different sources, and apply rules to these events to detect abnormal behavior. Currently Falco supports the following event sources:
- System Calls (syscall) via the drivers
- Kubernetes Audit Events (k8s_audit)
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified November 30, 2020: added getting started and architecture (ccd6cc5)