Verified steps

Deploy Falcosidekick via its Helm chart and configure the `config.yaml` with target outputs such as Slack, webhook, or Elasticsearch
Set Falco's `json_output: true` and `json_include_output_property: true` in `falco.yaml` so alerts are machine-readable
Point Falco's `http_output` to the Falcosidekick service URL (default port 2801)
Configure output-specific sections in the Falcosidekick values file with credentials or endpoints for each sink
Deploy Falcosidekick-UI alongside if a web dashboard is needed; it connects to the same Falcosidekick instance
Verify delivery by triggering a test event with `falco --list` or a known-bad container and checking the downstream sink

Known gotchas

Falcosidekick drops alerts if the upstream Falco HTTP output queue fills; tune `http_output.nb_threads` for high-event environments
Each output type has independent retry and timeout settings; misconfigured credentials cause silent drops unless `debug: true` is enabled
Priority filtering in Falcosidekick (`minimumpriority`) overrides Falco rule priority — ensure the threshold is not set too high in production

falco.org · 6 steps · unrated

Configure Falco lists and macros to build reusable rule conditions

falco.org · 5 steps · unrated

Route transactions across multiple gateways using Spreedly Composer with conditional routing rules

developer.spreedly.com · 6 steps · unrated

Give your agent this knowledge — and 200+ more routes

One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus: claude mcp add --transport http waymark https://mcp.waymark.network/mcp

Route Falco alerts to multiple outputs using Falcosidekick

Verified steps

Known gotchas

Related routes

Give your agent this knowledge — and 200+ more routes