November 13–15, 2018 - Shanghai, China
Simultaneous translation will be provided for all keynote and breakout sessions.
Thursday, November 15 • 15:05 - 15:40
Deep Dive: Falco - Jorge Salamero Sanz, Sysdig

In any Cloud Native architecture, there’s a seemingly endless stream of events that happen at each layer. These events can be used to detect abnormal activity and possible security incidents, as well as to provide an audit trail of activity. In this talk, we’ll cover how we extended Falco to ingest events beyond just host system calls, such as Kubernetes audit events or even application-level events. We will also show how to create Falco rules to detect behaviors in these new event streams. We show how we implemented Kubernetes audit events in Falco, and how to configure the event stream. Finally, we will cover how to create additional event streams leveraging the generic implementation Falco provides. Attendees will gain a deep understanding of Falco’s architecture, and how to customize Falco for additional event sources.

Speakers
Jorge Salamero Sanz

Technical Marketing Manager, Sysdig
Jorge enjoys monitoring all the things, from his Docker containers and Kubernetes clusters to writing sensor plugins for DIY IoT projects with Raspberry Pi and ESP8266. Currently he is part of the Sysdig team, and in the past was one of the promoters of HumanOps and a Debian developer...


Thursday November 15, 2018 15:05 - 15:40
2F Room 4