Falco Plugins

Extend Falco functionality using Plugins for Falco libraries/Falco daemon

The Falco libraries and Falco itself can be extended by using Plugins. Plugins are shared libraries that conform to a documented API and allow for:

Adding new event sources that can be evaluated using filtering expressions/Falco rules.
Adding the ability to define new fields that can extract information from events.

This section describes how plugins fit into the existing event processing pipeline and how to enable/configure plugins in Falco.

If you're interested in how this feature came about, you can view the original proposal for the plugin system.

Learn the basic concepts of the Plugin Architecture

Plugins for Falco libraries/Falco daemon

Find out about the included plugins in Falco and the Plugins SDK

Start writing your own Falco plugins

High-level documentation of the Go SDK

List of officially registered plugins

Learn how the Plugins API works

Let us know! You feedback will help us to improve the content and to stay in touch with our users.