Falco

Receive Falco runtime security alerts via HTTP output.

Inbound, Security

Quick Setup

Copy Webhook URL

Go to your Alert24 dashboard and copy the webhook URL for Falco.

Configure Falco

Add the webhook URL in your Falco settings.

Auto-Detected

Alert24 auto-detects Falco payloads and maps them to incidents.

Step-by-Step Setup Instructions

Falco HTTP Output Setup

1. Configure Falco's HTTP output in falco.yaml:

http_output:
  enabled: true
  url: <WEBHOOK_URL>

2. Or use Falcosidekick to forward alerts:

webhook:
  address: <WEBHOOK_URL>

3. Restart Falco.

Example Webhook Payload

This is a sample payload that Falco sends to Alert24 when an alert fires.

{
  "priority": "CRITICAL",
  "rule": "Terminal shell in container",
  "output": "A shell was spawned in container (user=root container=web-app)",
  "source": "syscall",
  "time": "2024-01-15T10:30:00Z"
}

How Alert24 Maps Falco Data

Status Field: priority

Message Field: output

Auto-Create Incidents: Yes

Auto-Resolve Incidents: No

Status Mapping

Alert24 Status | Falco Values
degraded | WARNING, NOTICE
down | CRITICAL, ALERT, EMERGENCY, ERROR
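
To preview locally how a set of Falco alerts would map under the status table above, the following added example (not Alert24's or Falco's own code) applies that mapping to JSON alerts. The function names, the case-insensitive matching and the treatment of unlisted priorities are assumptions made for illustration.

```python
import json
from collections import Counter

# Priority -> status pairs copied from the "Status Mapping" table on this page.
STATUS_BY_PRIORITY = {
    "WARNING": "degraded", "NOTICE": "degraded",
    "CRITICAL": "down", "ALERT": "down", "EMERGENCY": "down", "ERROR": "down",
}

def map_falco_alert(raw):
    """Map one Falco JSON alert to an incident dict, or None if no status applies."""
    try:
        event = json.loads(raw)
    except (TypeError, ValueError) as exc:
        raise ValueError(f"payload is not valid JSON: {exc}") from exc
    if not isinstance(event, dict):
        raise ValueError("payload must be a JSON object")
    # The page names "priority" as the status field and "output" as the message field.
    for field in ("priority", "output"):
        if not isinstance(event.get(field), str) or not event[field].strip():
            raise ValueError(f"missing or empty field: {field}")
    # Assumption: matching ignores case; the page only shows upper-case values.
    status = STATUS_BY_PRIORITY.get(event["priority"].strip().upper())
    if status is None:
        # Assumption: priorities absent from the table (e.g. INFORMATIONAL, DEBUG)
        # open no incident; the page does not say what the service does with them.
        return None
    return {"status": status, "message": event["output"],
            "rule": event.get("rule"), "time": event.get("time")}

def preview(raw_alerts):
    """Count how many incidents of each status a batch of alerts would open."""
    counts = Counter()
    for raw in raw_alerts:
        incident = map_falco_alert(raw)
        counts[incident["status"] if incident else "ignored"] += 1
    return dict(counts)

# Constructed sample input: the first entry is the example payload from this page,
# the other two are made up for illustration.
SAMPLE_ALERTS = [
    '{"priority": "CRITICAL", "rule": "Terminal shell in container", '
    '"output": "A shell was spawned in container (user=root container=web-app)", '
    '"source": "syscall", "time": "2024-01-15T10:30:00Z"}',
    '{"priority": "Notice", "rule": "Example notice rule", "output": "constructed notice event"}',
    '{"priority": "Informational", "rule": "Example info rule", "output": "constructed info event"}',
]

if __name__ == "__main__":
    print(preview(SAMPLE_ALERTS))
```

Because incidents are created automatically and are not auto-resolved, running a preview like this over a day of recorded alerts shows how many incidents a rule set would open before the webhook is enabled.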
