Falco is an open-source runtime security tool specifically designed for Kubernetes environments.
- Runtime Security Monitoring: Observes system calls to detect and alert on unexpected behavior.
- Kubernetes Native: Integrates (via kmod/eBPF) with the OS, container environments and Kubernetes. Specific rules are available.
- Alerting: Pushes alerts to alerting systems like Slack.
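
To make the three points above concrete, here is a custom rule written for illustration. It is an added example, not from the original page or from the rules Falco ships. The rule, macro and list names and the `debug-tools` namespace are hypothetical, and it assumes Falco's default `falco_rules.yaml` is loaded first so that the `spawned_process`, `container` and `shell_procs` macros are defined.

```yaml
# Custom rules file (example), loaded after the default falco_rules.yaml.

# Namespaces where interactive shells are expected (hypothetical value).
- list: example_shell_allowed_namespaces
  items: [debug-tools]

# Reusable condition: the event comes from a pod in an allowed namespace.
- macro: example_in_allowed_namespace
  condition: (k8s.ns.name in (example_shell_allowed_namespaces))

- rule: Example interactive shell in pod
  desc: >
    A shell with an attached terminal was started inside a container,
    outside the namespaces where that is expected.
  # spawned_process -> a completed execve/execveat system call
  # container       -> the event did not originate on the host
  # shell_procs     -> the process name is a known shell binary
  # proc.tty != 0   -> a terminal is attached (interactive session)
  condition: >
    spawned_process and container and shell_procs
    and proc.tty != 0
    and not example_in_allowed_namespace
  # The output line is the alert text sent to the configured outputs.
  # The k8s.* and container.* fields come from the container and
  # Kubernetes metadata enrichment.
  output: >
    Interactive shell started in pod
    (user=%user.name shell=%proc.name parent=%proc.pname
    cmdline=%proc.cmdline ns=%k8s.ns.name pod=%k8s.pod.name
    container=%container.name image=%container.image.repository)
  priority: WARNING
  tags: [container, k8s, shell]
```

The condition is evaluated against the system-call stream, and the rendered `output` line is what an alerting destination such as Slack receives.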