Open Source Runtime Security Rules for Kubernetes 1.10, GKE, & Common Applications


Sysdig Falco is an open source project focused on providing runtime security for containers and container orchestrators. You can learn more about Runtime Security in this presentation by Google at Kubecon EU 2018.

We recently released default rule sets for a number of common applications, Kubernetes 1.10, and GKE. You can learn more about the rules in this blog post. The following rules are included:

  • Kubernetes 1.10 cluster components
  • Google Kubernetes Engine components
  • Apache
  • Consul
  • ElasticSearch
  • etcd
  • Fluentd
  • HAproxy
  • MongoDB
  • Nginx
  • PostgreSQL
  • Redis
  • Traefik

If you want to get up and running with Falco, we provide a Kubernetes DaemonSet to get you started quickly.

If you have any questions, feel free to join our Slack team (, and jump in the #falco channel.


PS We’re talking to the CNCF about Falco becoming a sandbox project within the CNCF. You can see the project proposal and presentation on Github.