Overview
Explore a comprehensive deep dive into Falco, presented by Jorge Salamero Sanz from Sysdig in this 38-minute conference talk. Gain insights into extending Falco's capabilities to ingest events beyond host system calls, including Kubernetes audit events and application-level events. Learn how to create Falco rules for detecting behaviors in new event streams and understand the implementation of Kubernetes audit events in Falco. Discover the process of configuring event streams and creating additional ones using Falco's generic implementation. Acquire a deep understanding of Falco's architecture and learn how to customize it for various event sources, enhancing your ability to detect abnormal activity and potential security incidents in Cloud Native architectures.
Syllabus
Deep Dive: Falco - Jorge Salamero Sanz, Sysdig
Taught by
CNCF [Cloud Native Computing Foundation]