In any Cloud Native architecture there’s a seemingly endless stream of events that happen at each layer. These events can be used to detect abnormal activity and possible security incidents, as well as to provide an audit trail of activity.

In this talk we’ll cover how we extended Falco to ingest events beyond just host system calls, such as Kubernetes audit events or even application-level events. We will also show how to create Falco rules to detect behaviors in these new event streams, how we implemented Kubernetes audit events in Falco, and how to configure the event stream.

Finally, we will cover how to create additional event streams leveraging the generic implementation Falco provides. Attendees will gain a deep understanding of Falco’s architecture and of how to customize Falco for additional event sources.

Comments

Very good presentation, real example about security that really caught our attention. Congrats

It's magic 🙌🙌🙌

Rated 5

Javi at 12:32 on 6 Jun 2019

Congratulations, excellent talk and speaker. Really clear examples

Rated 5

Mauro Rocha at 12:46 on 6 Jun 2019

Great talk. Real examples and live demo worked just fine and surprised us.

Speaker ⭐⭐⭐⭐⭐

Everything was awesome: Falco itself, the background provided, the demo, the speaker. Congratulations!

Rated 5

Rubén Vazquez at 16:08 on 6 Jun 2019

Very interesting

Rated 3

Buitaker at 18:48 on 6 Jun 2019

Interesting solution, tool and approach!

Rated 5

Jaume at 12:49 on 7 Jun 2019

Fantastic tool, impressive demo and super nice speaker.