michelep / wazuh-falco

Falco ruleset and decoder for Wazuh integration

wazuh-falco

Falco ruleset and decoder for Wazuh integration

Falco (http://www.falco.org) is a cloud-native runtime security project and the de facto Kubernetes threat detection engine.

Falco was created by Sysdig in 2016 and is the first runtime security project to join CNCF as an incubation-level project. Falco detects unexpected application behavior and alerts on threats at runtime.

Falco sends events to syslog, so it can be integrated with the Wazuh SIEM using the related rules and decoders.
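
What a decoder and a severity rule have to do with a Falco syslog line, as an added Python sketch (not this repository's decoder or rules). It assumes Falco's default text output, `<evt.time>: <Priority> <output>`, logged under the program name `falco`; the priority-to-level mapping and the sample lines are constructed for illustration.

```python
import re

# Assumption: syslog header, program name "falco" (optionally with a PID),
# then Falco's default text output "<evt.time>: <Priority> <output>".
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"falco(?:\[\d+\])?: (?P<evt_time>[\d:.]+): (?P<priority>[A-Za-z]+) (?P<output>.*)$"
)
# key=value pairs inside the output text; values containing spaces are cut at the space.
FIELD_RE = re.compile(r"(\w[\w.]*)=([^\s()]+)")

# Hypothetical mapping from Falco priority to a Wazuh-style alert level (0-15).
LEVELS = {"Emergency": 15, "Alert": 14, "Critical": 13, "Error": 10,
          "Warning": 7, "Notice": 5, "Informational": 3, "Debug": 1}

# Constructed sample lines: two Falco events and one unrelated sshd line.
SAMPLE = [
    "Mar  3 10:15:42 node1 falco: 10:15:42.118362911: Notice A shell was spawned "
    "in a container with an attached terminal (user=root container_id=3f2a9c1b7d4e image=nginx)",
    "Mar  3 10:16:07 node1 falco[812]: 10:16:07.530114207: Warning Sensitive file opened "
    "for reading by non-trusted program (user=www-data file=/etc/shadow container_id=host)",
    "Mar  3 10:16:09 node1 sshd[990]: Accepted publickey for admin from 192.0.2.10 port 50514 ssh2",
]

def decode(line):
    """Return the decoded event as a dict, or None if the line is not a Falco event."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    event = m.groupdict()
    if event["priority"] not in LEVELS:
        return None  # program name matched, but not the expected event layout
    event["level"] = LEVELS[event["priority"]]
    event["fields"] = dict(FIELD_RE.findall(event["output"]))
    return event

def alerts(lines, min_level=7):
    """Decode every line and keep the events at or above min_level."""
    return [e for e in map(decode, lines) if e and e["level"] >= min_level]

if __name__ == "__main__":
    for e in alerts(SAMPLE):
        print(e["host"], e["priority"], e["level"], e["fields"])
```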

License: GNU General Public License v2.0