Skip to content

exiett/plugins

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Plugins

GitHub branch checks state License

Note: The plugin system is a new feature introduced since Falco 0.31.0. You can find more detail in the original proposal document.

This repository contains the Plugin Registry and the plugins officially maintained by the Falcosecurity organization. Plugins can be used to extend Falco and of applications using Falcosecurity libs. Please refer to the official documentation to better understand the plugin system's concepts and architecture.

Plugin Registry

The Registry contains metadata and information about every plugin known and recognized by the Falcosecurity organization. It lists plugins hosted either in this repository or in other repositories. These plugins are developed for Falco and made available to the community. Check out the sections below to know how to register your plugins and see plugins currently contained in the registry.

Registering a new Plugin

Registering your plugin inside the registry helps ensure that some technical constraints are respected, such as that a given ID is used by exactly one source plugin and allows source plugin authors and extractor plugin authors to coordinate event source formats. Moreover, this is a great way to share your plugin project with the community and engage with it, thus gaining new users and increasing its visibility. We encourage you to register your plugin in this registry before publishing it. You can add your plugins in this registry regardless of where its source code is hosted (there's a url field for this specifically).

The registration process involves adding an entry about your plugin inside the registry.yaml file by creating a Pull Request in this repository. Please be mindful of a few constraints that are automatically checked and required for your plugin to be accepted:

  • The name field is mandatory and must be unique across all the plugins in the registry
  • (Source plugins only) The id field is mandatory and must be unique across all the source plugins in the registry
  • The plugin name and source fields should match this regular expression: ^[a-z]+[a-z0-9_]*$

For reference, here's an example of a source plugin entry:

- id: 2
  source: aws_cloudtrail
  name: cloudtrail
  description: ...
  authors: The Falco Authors
  contact: https://falco.org/community
  url: ...
  license: Apache-2.0

You can find the full registry specification here: (coming soon...)

Registered Plugins

The tables below list all the plugins currently registered. The tables are automatically generated from the registry.yaml file.

Source Plugins

ID Name Event Source Description Info
1 k8saudit k8s_audit Read Kubernetes Audit Events and monitor Kubernetes Clusters Authors: The Falco Authors
License: Apache-2.0
2 cloudtrail aws_cloudtrail Reads Cloudtrail JSON logs from files/S3 and injects as events Authors: The Falco Authors
License: Apache-2.0
3 dummy dummy Reference plugin used to document interface Authors: The Falco Authors
License: Apache-2.0
4 dummy_c dummy_c Like Dummy, but written in C++ Authors: The Falco Authors
License: Apache-2.0
5 docker docker Docker Events Authors: Thomas Labarussias
License: Apache-2.0
6 seccompagent seccompagent Seccomp Agent Events Authors: Alban Crequy
License: Apache-2.0
7 okta okta Okta Log Events Authors: The Falco Authors
License: Apache-2.0
999 test test This ID is reserved for source plugin development. Any plugin author can use this ID, but authors can expect events from other developers with this ID. After development is complete, the author should request an actual ID Authors: N/A
License: N/A

Extractor Plugins

Name Extract Event Sources Description Info
json N/A Extract values from any JSON payload Authors: The Falco Authors
License: Apache-2.0

Hosted Plugins

Another purpose of this repository is to host and maintain the plugins owned by the Falcosecurity organization. Each plugin is a standalone project and has its own directory, and they are all inside the plugins folder.

The master branch contains the most up-to-date state of development, and each plugin is regularly released. Please check our Release Process to know how plugins are released and how artifacts are distributed. Dev builds are published each time a Pull Request gets merged into master, whereas stable builds are released and published only when a new release gets tagged. You can find the published artifacts at https://download.falco.org/?prefix=plugins.

If you wish to contribute your plugin to the Falcosecurity organization, you just need to open a Pull Request to add it inside the plugins folder and to add it inside the registry. In order to be hosted in this repository, plugins must be licensed under the Apache 2.0 License.

Contributing

If you want to help and wish to contribute, please review our contribution guidelines. Code contributions are always encouraged and welcome!

License

This project is licensed to you under the Apache 2.0 Open Source License.

About

My Falco's plugins fork.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Go 87.5%
  • Makefile 7.6%
  • C++ 4.9%