Falco

Available

Falco is a cloud-native runtime security tool. Integrate runtime security alerts and threat detections into tapioca for incident tracking and response.

What you can do

Create incident tasks from Falco alerts
Track security incidents in real-time
Categorize alerts by rule priority
Link alerts to affected containers/pods
Build incident response workflows
Generate security incident reports

Setup Instructions

1. Configure Falco output

Configure Falco to send alerts via HTTP. Edit your Falco configuration:

json_output: true
http_output:
  enabled: true
  url: YOUR_TAPIOCA_WEBHOOK_URL

2. Enable integration in tapioca

Go to Settings → Integrations → Falco and enable the integration. Copy your webhook URL.

3. Configure alert rules

Set up which Falco priorities should create tasks. Configure auto-assignment for the incident response team.

4. Test the connection

Trigger a test Falco alert to verify the integration is working correctly.

Configuration Reference

| Option | Type | Required | Description |
| --- | --- | --- | --- |
| webhook_url | string | Yes | Webhook URL for receiving Falco alerts |
| priority_threshold | enum | No | Minimum priority to create tasks. Default: WARNING |
| incident_project | string | No | Project for security incidents |
| auto_assign_team | string | No | Team to auto-assign incidents to |
| include_raw_event | boolean | No | Include raw event data in task. Default: true |
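
To see what priority_threshold and include_raw_event imply for a Falco JSON alert, here is an added Python sketch; it is not tapioca's own code. The helper name, the task fields, and the sample alerts are assumptions constructed for illustration; the priority order and the output_fields keys are Falco's.

```python
import json

# Falco rule priorities, most severe first.
PRIORITIES = ["EMERGENCY", "ALERT", "CRITICAL", "ERROR",
              "WARNING", "NOTICE", "INFORMATIONAL", "DEBUG"]
RANK = {name: i for i, name in enumerate(PRIORITIES)}

def alert_to_task(raw, threshold="WARNING", include_raw_event=True):
    """Hypothetical helper: map one Falco JSON alert to a task dict.
    Returns None when the alert is not JSON or is below the threshold."""
    try:
        event = json.loads(raw)
    except json.JSONDecodeError:
        return None  # plain-text alert: json_output is probably disabled
    if not isinstance(event, dict):
        return None
    priority = str(event.get("priority", "")).upper()
    if priority not in RANK or RANK[priority] > RANK[threshold.upper()]:
        return None  # unknown priority, or less severe than the threshold
    fields = event.get("output_fields") or {}
    task = {
        "title": event.get("rule", "unknown rule"),
        "priority": priority,
        "time": event.get("time"),
        "container": fields.get("container.id"),
        "pod": fields.get("k8s.pod.name"),
        "namespace": fields.get("k8s.ns.name"),
    }
    if include_raw_event:
        task["raw_event"] = event
    return task

# Constructed sample alerts in the shape of Falco's JSON output.
SAMPLE_WARNING = json.dumps({
    "time": "2024-01-01T12:00:00.000000000Z",
    "rule": "Read sensitive file untrusted",
    "priority": "Warning",
    "output": "Sensitive file opened for reading (constructed sample)",
    "output_fields": {"container.id": "3f2a9c1b7d10",
                      "k8s.pod.name": "web-7d9f", "k8s.ns.name": "prod"},
})
SAMPLE_NOTICE = json.dumps({
    "time": "2024-01-01T12:00:05.000000000Z",
    "rule": "Terminal shell in container",
    "priority": "Notice",
    "output": "A shell was spawned in a container (constructed sample)",
    "output_fields": {"container.id": "3f2a9c1b7d10"},
})
```

With the default threshold the Warning alert becomes a task and the Notice alert is dropped; a non-JSON line returns None, which matches the "Alert details are missing" symptom when json_output is off.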

Troubleshooting

Alerts are not reaching tapioca

Verify Falco's http_output is enabled and the URL is correct. Check network connectivity between Falco and tapioca.

Getting too many alerts

Increase the priority_threshold to only capture higher-severity alerts, or configure Falco rules to reduce noise.

Alert details are missing

Ensure json_output is enabled in the Falco configuration for complete alert data.
