Google Antigravity Directory

The #1 directory for Google Antigravity prompts, rules, workflows & MCP servers. Optimized for Gemini 3 agentic development.

Resources

PromptsMCP ServersAntigravity RulesGEMINI.md GuideBest Practices

Company

Submit PromptAntigravityAI.directory

Popular Prompts

Next.js 14 App RouterReact TypeScriptTypeScript AdvancedFastAPI GuideDocker Best Practices

Legal

Privacy PolicyTerms of ServiceContact Us
Featured on FazierFeatured on WayfindioAntigravity AI - Featured on Startup FameFeatured on Wired BusinessFeatured on Twelve ToolsListed on Turbo0Featured on findly.toolsFeatured on Aura++That App ShowAI ToolzShinyLaunchMillion Dot HomepageSolver ToolsFeatured on FazierFeatured on WayfindioAntigravity AI - Featured on Startup FameFeatured on Wired BusinessFeatured on Twelve ToolsListed on Turbo0Featured on findly.toolsFeatured on Aura++That App ShowAI ToolzShinyLaunchMillion Dot HomepageSolver Tools

© 2026 Antigravity AI Directory. All rights reserved.

The #1 directory for Google Antigravity IDE

This website is not affiliated with, endorsed by, or associated with Google LLC. "Google" and "Gemini" are trademarks of Google LLC.

Antigravity AI Directory
PromptsMCPBest PracticesUse CasesLearn
Home
MCP Servers
Falco MCP
🦅

Falco MCP MCP Server

Cloud-native runtime security project.

falcoruntimekubernetesdetection

About

## Falco MCP Server: Cloud-Native Runtime Security The **Falco MCP Server** integrates the CNCF Falco runtime security tool into Google Antigravity, enabling real-time detection of abnormal behavior, intrusions, and policy violations across containers and Kubernetes environments. ### Why Falco MCP? - **Runtime detection** - Detect suspicious behavior in running containers - **Kubernetes security** - Monitor K8s API calls and pod activities - **Custom rules** - Define security policies with flexible rule language - **Alert management** - Configure and route security alerts - **Cloud integration** - Extend to AWS, GCP, and Azure cloud events ### Key Features #### 1. Security Event Monitoring ```python # Get recent security events events = await mcp.call("falco", "get_events", { "priority": ["critical", "error", "warning"], "source": "syscall", "time_range": "1h" }) for event in events: print(f"Priority: {event[\"priority\"]}, Rule: {event[\"rule\"]}") print(f"Container: {event[\"container_name\"]}") print(f"Output: {event[\"output\"]}") ``` #### 2. Rule Management ```python # Create custom Falco rule rule = await mcp.call("falco", "create_rule", { "name": "Crypto Mining Detection", "description": "Detect potential cryptocurrency mining", "condition": "spawned_process and proc.name in (xmrig, minerd)", "output": "Crypto miner detected user=%user.name proc=%proc.name", "priority": "critical", "tags": ["cryptomining", "mitre_execution"] }) # Enable rule in production await mcp.call("falco", "enable_rule", { "rule_name": rule["name"], "namespaces": ["production", "staging"] }) ``` #### 3. Container Monitoring ```python # Get container-specific events container_events = await mcp.call("falco", "get_container_events", { "container_id": "abc123", "include_k8s_metadata": True }) # Monitor specific pod pod_alerts = await mcp.call("falco", "monitor_pod", { "namespace": "production", "pod_name": "web-server-xxx", "rules": ["Terminal shell in container", "Write below root"] }) ``` #### 4. Alert Configuration ```python # Configure alert routing await mcp.call("falco", "configure_alerts", { "outputs": [ {"type": "slack", "webhook": "https://hooks.slack.com/xxx"}, {"type": "pagerduty", "routing_key": "xxx"} ] }) # Create alert aggregation rule await mcp.call("falco", "create_aggregation", { "rules": ["Shell Spawned in Container"], "window": "5m", "threshold": 10 }) ``` ### Configuration ```json { "mcpServers": { "falco": { "command": "npx", "args": ["-y", "@anthropic/mcp-falco"], "env": { "FALCO_URL": "http://falco.security.svc:8765", "FALCO_API_KEY": "your-api-key" } } } } ``` ### Use Cases **Container Security**: Detect shell access and file modifications in containers. **Kubernetes Monitoring**: Alert on suspicious K8s API calls and privilege escalation. **Compliance Enforcement**: Create rules that enforce security policies. **Threat Detection**: Identify malware and cryptominers in real-time. The Falco MCP Server brings runtime security visibility into your cloud-native infrastructure.

Installation

Configuration
{
  "mcpServers": {
    "falco": {}
  }
}

How to Use

    Related MCP Servers

    🧰

    Toolhouse MCP

    Universal AI tool platform that equips your AI with production-ready capabilities. Execute code, browse the web, manage files, send emails, and more through a unified MCP interface.

    🔨

    Smithery Registry MCP

    The MCP server registry and discovery platform. Browse, search, and install MCP servers from the community. Find the perfect integrations for your AI development workflow.

    🔍

    MCP Inspector

    Official debugging and testing tool for MCP servers. Inspect server capabilities, test tool calls, validate responses, and debug protocol communication in real-time.

    ← Back to All MCP Servers