From 9729058b9ba76a9237db411dd47a8fa8c64721fd Mon Sep 17 00:00:00 2001
From: Henri DF <henridf@gmail.com>
Date: Mon, 2 May 2016 10:59:31 -0700
Subject: [PATCH] Update README.md

---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6fa554a6..763e0a91 100644
--- a/README.md
+++ b/README.md
@@ -4,8 +4,9 @@
 ## Overview
 Brief description of what, why, how, and pointer to website.
 
-### What kind of events can Falco detect?
+### What kind of behaviors can Falco detect?
 
+Falco can detect and alert on any behavior that involves making Linux system calls.  Thanks to Sysdig's core decoding and state tracking functionality, Falco alerts can be triggered by the use of specific system calls, their arguments, and by properties of the calling process. Rules are expressed in a high-level, human-readable language. 
 
 
 ## Installing Falco