Falco is open source security tool to do in depth analysis, observing anomolies, intrution and data thief in real time. Falco is used in K8s CKS exam. Falco have specified rules around security, if issue accures, notification triggered Falco could be connected to kubernetes via api, it supports Go.
Falcon is open source, but big companies who using it (Sysdig) develops it very well, by investing time into it.