Sysdig Falco is an open source container security monitor designed to detect anomalous activity in your applications. Falco lets you continuously monitor and detect container, application, host, and network activity... all in one place, from one source of data, with one set of customizable rules. In other words, think snort + ossec + strace.
In this talk, I will discuss how to install falco, how to create monitoring rules, and how to respond to malicious activity.
Slides and example code will be provided via GitHub.