Falco Rules Changelog

Falco rules are used in the Sysdig Secure Policy Editor. On this page, you can read the most recent changes to Falco Rules.

Commit Date | Rule Notes | Version of the Falco Rules Installer (On-Prem)

January 05, 2026

Rule Changes

  • Reduced FPs for Create Symlink Over Sensitive Files rule.

  • Reduced FPs for Possible Remote Command Execution Detected rule.

  • Reduced FPs for BPF Command Executed by Fileless Program rule.

  • Reduced FPs for Modify Grub Configuration Files rule.

0.231.6

December 23, 2025

Rule Changes

  • Reduced FPs for Reverse Shell Spawned From Binary Through Pipes rule.

  • Reduced FPs for Create Symlink Over Sensitive Files rule.

  • Reduced FPs for Fileless Malware Detected rule.

0.231.5