1 Repo
Software development kits for creating custom security event sources and detection extensions.
Distinct from Go-Based Plugins: The candidates focus on generic build plugins or language-specific workflows, whereas this is specifically for security monitoring extensions.
Explore 1 awesome GitHub repository matching security & cryptography · Security Plugin SDKs. Refine with filters or upvote what's useful.
Falco is an eBPF runtime security monitor and cloud native detection engine that identifies abnormal behavior and security threats across hosts and containers. It functions as a Linux kernel event auditor, capturing system calls and kernel events in real-time to detect malicious activity. The system distinguishes itself through a rule-based threat detection model that evaluates system activity against a library of community-maintained rules and custom security definitions. It enriches raw kernel events with container and Kubernetes metadata to provide observability into isolated environments
Building of custom event stream integrations using a Go SDK to capture and process security events from external sources.