Falco

Falco Plugin API

The Falco Plugin API provides a C ABI interface for developing plugins that extend Falco with new event sources and field extractors. Plugins are shared libraries that implement the plugin API and can be loaded at runtime to add support for new data sources such as cloud audit logs, container activity, and custom event streams.

GitHub

Documentation

📖
Documentation
https://falco.org/docs/developer-guide/

SDKs

📦
GitHubRepository
https://github.com/falcosecurity/plugin-sdk-go

Other Resources

🔗
Reference
https://falco.org/docs/reference/plugins/plugin-api-reference/

API entry from apis.yml

apis.yml Raw ↑ 
aid: falco:falco-plugin-api
name: Falco Plugin API
description: The Falco Plugin API provides a C ABI interface for developing plugins that extend Falco
  with new event sources and field extractors. Plugins are shared libraries that implement the plugin
  API and can be loaded at runtime to add support for new data sources such as cloud audit logs, container
  activity, and custom event streams.
humanURL: https://falco.org/docs/reference/plugins/plugin-api-reference/
tags:
- Developer Tools
- Event Sources
- Plugin
properties:
- type: Documentation
  url: https://falco.org/docs/developer-guide/
- type: Reference
  url: https://falco.org/docs/reference/plugins/plugin-api-reference/
- type: GitHubRepository
  url: https://github.com/falcosecurity/plugin-sdk-go