v0.7.0 — available now · 7-day free trial

Catch threats in your
Kubernetes cluster
before they catch you.

Kernel-level runtime threat detection built on Falco, running entirely in your own cluster. No phone-home, no telemetry — your alerts and cluster data never leave your infrastructure.

⎈ Helm install 🔒 Self-hosted ⚡ Kernel-level (eBPF) 💾 Perpetual license 🔧 No phone home
install
$ helm repo add kubesentry https://charts.kubesentry.io $ helm repo update $ helm install kubesentry kubesentry/kubesentry \ $ --namespace kubesentry --create-namespace

Installs in minutes · full product for 7 days · no credit card

live
Critical +1
2
High +3
5
Medium −4
12
Suppressed dedup
847

Recent alerts — last 24h

⌘ K
Severity Rule ×
CRIT Reverse shell in container 1
CRIT Crypto mining process detected 3
HIGH Privileged container started 1
HIGH Sensitive file accessed 6
HIGH RBAC role modified 1
MED Unusual outbound connection 2
MED Container drift detected 1
// how it works

From helm install to first alert in under 5 minutes.

01 install
$ helm install kubesentry \
    kubesentry/kubesentry

One-command install

Falco + collector + dashboard + alerter — all deployed via one Helm chart, on any cluster running a kernel Falco supports.

02 detect
Reverse shell in pod/payments-api
Crypto miner process
Privileged container started

Curated rules

14 KubeSentry rules tuned for low false positives — crypto miners, reverse shells, privilege escalation, lateral movement — running on top of Falco's default ruleset.

03 alert
→ Slack
→ Email digest
→ Discord / Teams
→ Custom webhook

Actionable alerts

Critical events fire instantly. Daily digests roll up the noise. Every KubeSentry rule ships with triage steps and remediation commands.

// why kubesentry

Enterprise security
at enterprise prices.
for €99.

Datadog. Sysdig. Aqua. Built for enterprises with security teams. KubeSentry is built for the rest of us — the five-to-fifty-person engineering org with real clusters and nobody whose full-time job is security.

Them
Datadog Cloud Security
$15+/host/mo
Us
KubeSentry
€99 one-time
Them
Sysdig Secure
$60+/host/mo
Us
KubeSentry
€99 one-time
Them
Aqua Enterprise
$Contact sales
Us
KubeSentry
€99 one-time
// pricing

Pay once. Own it.

One-time payment. Yours forever. Every tier includes all future updates — no subscription, no renewals, ever.

7-day free trial · no credit card

Solo

Individuals and very small clusters.

€99 once

perpetual license

1 cluster
  • Full dashboard + alerting
  • Curated ruleset + remediation advice
  • Email, Slack, Discord, Teams
  • All future updates, forever
Buy Solo
most popular

Team

Small teams running a handful of clusters.

€299 once

perpetual license

5 clusters
  • Full dashboard + alerting
  • Curated ruleset + remediation advice
  • Email, Slack, Discord, Teams
  • All future updates, forever
Buy Team

Pro

Larger deployments.

€499 once

perpetual license

Unlimited clusters
  • Full dashboard + alerting
  • Curated ruleset + remediation advice
  • Email, Slack, Discord, Teams
  • All future updates, forever
Buy Pro

Checkout and invoicing are handled by Lemon Squeezy (our merchant of record); VAT is calculated at checkout. Your license key is emailed to you automatically right after purchase — apply it with --set license=…. Don't want to buy yet? Install and run the 7-day trial first; it's the full product.

// questions

You probably want to know.

Is this just a Falco wrapper? +
Falco is the engine — open source, world-class, and free. KubeSentry is the experience around it: a curated ruleset tuned for low false positives, smart deduplication, a clean dashboard, email digests, multi-channel alerting, and triage + remediation guidance attached to every KubeSentry rule. Think of it as 'managed Falco you actually self-host.'
Is this a subscription? +
No. Pay once, use forever — including all future updates. There is no renewal, no maintenance window, and no recurring charge of any kind. Your license is perpetual: it never expires, on any version.
Does it phone home? +
No. Air-gapped friendly. License keys are validated offline with Ed25519 signatures against a public key compiled into the collector — your cluster never talks to a license server. Your alerts and cluster data never leave your infrastructure.
What about Wazuh / Tetragon / Kubescape? +
They're great tools. Wazuh is a full SIEM (heavyweight). Tetragon is powerful but low-level. Kubescape focuses on posture, not runtime. KubeSentry is opinionated and focused: real-time threat detection with zero setup pain. If you want to combine — go for it.
Can I try it before buying? +
Yes. Every install starts with a 7-day free trial — the full product, no restrictions, no credit card. Install the chart and it just works; a banner in the dashboard tracks the trial. Add a license key when you are ready.