Falco Rules

Free

This repository contains the Falco rules officially managed by The Falco Project: pre-defined detections for security threats, abnormal behaviors, and compliance-related monitoring. Users can modify the community-contributed rules or create custom ones, focusing on syscalls and container events. The Rules Overview Document and the release notes track how the rules change as threats and systems evolve.

ALTERNATIVES

A multi-threaded intrusion detection system using Yara for network and stream IDS

Sniffglue is a network sniffer tool written in Rust with advanced filter sensitivity options and secure packet processing.

An IP address intelligence API that provides geolocation data and threat detection capabilities for IPv4 and IPv6 addresses.

A technique to encode data within DNS queries for covert communication channels.

A fast domain resolver and subdomain bruteforcing tool

A tool for scanning networks, enumerating Siemens PLCs, and gathering detailed information about them.

A tool for analyzing TCP packet traces with color support.

A fast CLI tool to find SSRF or Out-of-band resource load