are sysdig's falco and osquery competitors?

(Not familiar with Falco previously but I just did a little reading. Very familiar with osquery.) Falco seems to expose much of the same information as osquery, however with a focus solely on k8s runtimes. Osquery can expose a lot of the same information (and much more), but across Windows, macOS, and Linux platforms. There is much less integration between osquery and any container runtime (though there are tables that work with various aspects of containers).

I would say the compliment each other and are used for slightly different purposes. Falco is used in conjunction with osquery deployed as a daemonset on our k8s to gain different levels of insights. Mainly due to Falco being an probe recording syscals providing real time alerting for certain behaviours . osquery gives us scheduled insights and point in time references.

osquery is open source. to some degree, it doesn’t have competitors… There are vendors here that use it, but osquery itself is not directly vendor controlled.