Skip to main content
Security Dolibarr Falco DoliFalco Intrusion detection SIEM

DoliFalco: Real-time security monitoring for your Dolibarr instance

DoliFalco integrates Falco into your Dolibarr infrastructure to detect suspicious behavior and intrusions in real time. A security shield for your ERP.

| E-dem
DoliFalco: Real-time security monitoring for your Dolibarr instance

Dolibarr security: often underestimated

Dolibarr is an open-source ERP widely used by SMEs and freelancers. It holds critical data: invoices, customer contacts, financial information, supplier access... And yet many Dolibarr instances are deployed without active security monitoring.

The question isn't if your instance will be targeted — it's when. Attacks are increasingly automated: port scans, brute force login attempts, exploitation of plugin vulnerabilities. Without detection, you'll only find out when it's too late.

What is Falco?

Falco is a real-time threat detection tool for Linux environments and containers. It monitors system calls at the kernel level and triggers alerts when behavior matches a predefined or custom security rule.

Examples of behaviors Falco can detect:

  • A web process (PHP, nginx) attempting to execute a shell command
  • An unexpected modification to a critical configuration file
  • An outbound network connection from an application container
  • Access to /etc/shadow or private key files
  • An unknown user connecting to the system

Falco is used in production by organizations like AWS, Google, and many others running critical infrastructure.

What DoliFalco brings to your Dolibarr

DoliFalco is our module that connects Falco to the Dolibarr interface, giving you visibility into security events on your infrastructure — directly from your ERP.

Security dashboard

DoliFalco adds a dashboard to Dolibarr that displays Falco-generated alerts in real time: severity level, event type, involved process, timestamp.

No more logging into a separate tool or reading raw log files.

Configurable alerts

You define which types of events warrant a notification. Critical alerts can be escalated via email or webhook to a communication tool (Slack, Teams, Telegram...).

History and audit trail

All events are retained and searchable. This simplifies post-incident investigation: you can trace exactly what happened, when, and on which component.

Rules tailored for Dolibarr

DoliFalco includes a set of Falco rules specifically adapted to the normal behavior of a Dolibarr instance — reducing false positives and letting you quickly spot genuine anomalies.

Who is it for?

  • Hosting providers and integrators who deploy Dolibarr for their clients and want to offer an additional security layer
  • IT managers in organizations with security or compliance requirements (ISO 27001, GDPR...)
  • Any organization running Dolibarr in production that wants visibility into what's happening on its infrastructure

What you need

DoliFalco requires:

  • A Dolibarr instance hosted on Linux (not compatible with shared hosting)
  • Falco installed on the host server or as a sidecar container
  • The DoliFalco module activated in Dolibarr

Setup can be assisted by our team. Contact us if you'd like to assess your current security posture or deploy DoliFalco on your infrastructure.

A Dolibarr project?

Our modules and Dolibarr expertise are here to support you.

Contact us