Registered Plugins
List of officially registered plugins
You can find below the officially registered plugins, more details on https://github.com/falcosecurity/plugins.
| ID | Plugin | Type | Source | Description | Authors | URL | Rules URL | Licence |
|---|---|---|---|---|---|---|---|---|
| plugin-id-zero-value | sourcing | This ID is reserved for particular purposes and cannot be registered. A plugin author should not use this ID unless specified by the documentation. | ||||||
| 1 | k8saudit | sourcing | k8s_audit | Read Kubernetes Audit Events and monitor Kubernetes Clusters | The Falco Authors | 🔗 | 🔗 | Apache-2.0 |
| 2 | cloudtrail | sourcing | aws_cloudtrail | Reads Cloudtrail JSON logs from files/S3 and injects as events | The Falco Authors | 🔗 | 🔗 | Apache-2.0 |
| json | extraction | Extract values from any JSON payload | The Falco Authors | 🔗 | Apache-2.0 | |||
| 3 | dummy | sourcing | dummy | Reference plugin used to document interface | The Falco Authors | 🔗 | Apache-2.0 | |
| 4 | dummy_c | sourcing | dummy_c | Like dummy, but written in C++ | The Falco Authors | 🔗 | Apache-2.0 | |
| 5 | docker | sourcing | docker | Docker Events | Thomas Labarussias | 🔗 | 🔗 | Apache-2.0 |
| 6 | seccompagent | sourcing | seccompagent | Seccomp Agent Events | Alban Crequy | 🔗 | Apache-2.0 | |
| 7 | okta | sourcing | okta | Okta Log Events | The Falco Authors | 🔗 | 🔗 | Apache-2.0 |
| 8 | github | sourcing | github | Github Webhook Events | The Falco Authors | 🔗 | 🔗 | Apache-2.0 |
| 9 | k8saudit-eks | sourcing | k8s_audit | Read Kubernetes Audit Events from AWS EKS Clusters | The Falco Authors | 🔗 | 🔗 | Apache-2.0 |
| 10 | nomad | sourcing | nomad | Read Hashicorp Nomad Events Stream | Alberto Llamas | 🔗 | 🔗 | Apache-2.0 |
| 11 | dnscollector | sourcing | dnscollector | DNS Collector Events | Daniel Moloney | 🔗 | 🔗 | Apache-2.0 |
| 12 | gcpaudit | sourcing | gcp_auditlog | Read GCP Audit Logs | The Falco Authors | 🔗 | 🔗 | Apache-2.0 |
| 13 | syslogsrv | sourcing | syslogsrv | Syslog Server Events | Maksim Nabokikh | 🔗 | 🔗 | Apache-2.0 |
| 999 | test | sourcing | test | This ID is reserved for source plugin development. Any plugin author can use this ID, but authors can expect events from other developers with this ID. After development is complete, the author should request an actual ID |
Was this page helpful?
Let us know! You feedback will help us to improve the content and to stay in touch with our users.
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.