II.
Tool JSON
Structured · live · tool:falco
Falco json
Inspect the normalized record payload exactly as the atlas UI reads it.
{
"id": "tool:falco",
"_kind": "Tool",
"_file": "domain/tools/tools-security-observability.yaml",
"_cluster": "domain",
"attributes": {
"displayName": "Falco",
"homepageUrl": "https://falco.org",
"kind": "security",
"description": "CNCF cloud-native runtime security tool that detects anomalous activity in containers,\nhosts, and Kubernetes workloads using eBPF and kernel system call inspection.\nProvides real-time threat detection with a flexible rules engine for custom policies.\n"
},
"outgoingEdges": [
{
"from": "tool:falco",
"to": "language:cpp",
"kind": "belongs_to_language"
},
{
"from": "tool:falco",
"to": "skill-area:runtime-security",
"kind": "tool_used_by",
"attributes": {}
},
{
"from": "tool:falco",
"to": "skill-area:threat-detection",
"kind": "tool_used_by",
"attributes": {}
},
{
"from": "tool:falco",
"to": "skill-area:vulnerability-scanning",
"kind": "used_for"
},
{
"from": "tool:falco",
"to": "skill-area:runtime-security",
"kind": "used_for"
},
{
"from": "tool:falco",
"to": "tool:opa",
"kind": "alternative_to",
"attributes": {
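"comparison": "Runtime security vs. policy enforcement — Falco detects threats at runtime via eBPF/syscall inspection; OPA evaluates and enforces declarative policies via Rego (for example at Kubernetes admission), so the two are complementary rather than interchangeable"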
}
}
],
"incomingEdges": [
{
"from": "stack-profile:security-operations",
"to": "tool:falco",
"kind": "composed_of"
},
{
"from": "tool:opa",
"to": "tool:falco",
"kind": "alternative_to",
"attributes": {
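"comparison": "Policy enforcement vs. runtime security — OPA evaluates and enforces declarative policies via Rego (for example at Kubernetes admission); Falco detects threats at runtime via eBPF/syscall inspection, so the two are complementary rather than interchangeable"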
}
},
{
"from": "tool-server:mcp-falco",
"to": "tool:falco",
"kind": "integrates_with",
"attributes": {}
}
]
}