Inbound · Security

Falco + Alert24

Turn Falco alerts into actionable incidents in Alert24, with on-call routing, escalations, and status updates.

Receive Falco runtime security alerts via HTTP output.

Auto-detected payloads

Alert24 recognizes Falco webhooks out of the box and maps fields to incidents automatically.

On-call routing & escalations

Page the right engineer over SMS, voice, push, email, or chat with policy-driven escalations.

Auto-updating status pages

Promote incidents to a public or private status page with one click and keep customers informed.

Change correlation & AI RCA

Recent deploys, infra updates, and feature flag flips surface alongside the incident for faster root cause.

Quick Setup

Copy Webhook URL

Go to your Alert24 dashboard and copy the webhook URL for Falco.

Configure Falco

Add the webhook URL in your Falco settings.

Auto-Detected

Alert24 auto-detects Falco payloads and maps them to incidents.

Step-by-Step Setup Instructions

Falco HTTP Output Setup

1. Configure Falco's HTTP output in falco.yaml:

   http_output:
     enabled: true
     url: <WEBHOOK_URL>

2. Or use Falcosidekick to forward alerts:

   webhook:
     address: <WEBHOOK_URL>

3. Restart Falco.

Example Webhook Payload

This is a sample payload that Falco sends to Alert24 when an alert fires.

{
  "priority": "CRITICAL",
  "rule": "Terminal shell in container",
  "output": "A shell was spawned in container (user=root container=web-app)",
  "source": "syscall",
  "time": "2024-01-15T10:30:00Z"
}

How Alert24 Maps Falco Data

Status Field: priority
Message Field: output
Auto-Create Incidents: Yes
Auto-Resolve Incidents: No

Status Mapping

Alert24 Status | Falco Values
degraded | WARNING, NOTICE
down | CRITICAL, ALERT, EMERGENCY, ERROR
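
To estimate what the mapping above would page on before enabling the integration, the following added example (not Alert24's or Falco's own code) replays Falco JSON events through the documented priority and output mapping and tallies the resulting incidents per rule. Case-insensitive priority matching is an assumption, the function names are hypothetical, and priorities absent from the table are only counted as unmapped because the page does not say how Alert24 treats them.

```python
import json
from collections import Counter

# Status mapping copied from the table on this page.
STATUS_BY_PRIORITY = {
    "WARNING": "degraded", "NOTICE": "degraded",
    "CRITICAL": "down", "ALERT": "down", "EMERGENCY": "down", "ERROR": "down",
}

def map_event(event):
    """Return (status, message) per the documented mapping; status is None
    when the priority is not listed in the table."""
    # Assumption: priorities are matched case-insensitively.
    priority = str(event.get("priority", "")).strip().upper()
    return STATUS_BY_PRIORITY.get(priority), event.get("output", "")

def dry_run(lines):
    """Tally would-be incidents per (status, rule) for Falco JSON event lines."""
    tally, unmapped, malformed = Counter(), Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            malformed += 1
            continue
        if not isinstance(event, dict) or "rule" not in event:
            malformed += 1
            continue
        status, _ = map_event(event)
        if status is None:
            unmapped[str(event.get("priority"))] += 1
        else:
            tally[(status, event["rule"])] += 1
    return tally, unmapped, malformed

# Constructed sample input; the first line is the example payload from this page.
SAMPLE = """\
{"priority": "CRITICAL", "rule": "Terminal shell in container", "output": "A shell was spawned in container (user=root container=web-app)", "source": "syscall", "time": "2024-01-15T10:30:00Z"}
{"priority": "Notice", "rule": "Constructed sample rule A", "output": "constructed", "source": "syscall", "time": "2024-01-15T10:31:00Z"}
{"priority": "Informational", "rule": "Constructed sample rule B", "output": "constructed", "source": "syscall", "time": "2024-01-15T10:32:00Z"}
not-json
"""

if __name__ == "__main__":
    tally, unmapped, malformed = dry_run(SAMPLE.splitlines())
    for (status, rule), n in sorted(tally.items()):
        print(f"{status:9} {n:4}  {rule}")
    print("unmapped priorities:", dict(unmapped), "malformed lines:", malformed)
```

Rules that dominate the "down" tally are the ones that will page on-call most often, so they are the first candidates for tuning in Falco before the webhook goes live.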

Connect Falco to Alert24 in minutes

Free plan includes 5 monitors, 1 status page, and incident management. No credit card required.
