Extend Falco with Plugins - Trigger Alerts with Any Stream of Events

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore the evolution and extended capabilities of Falco, a cloud-native runtime security project, in this 42-minute CNCF conference talk. Dive into Falco's architecture, including libscap and libsinsp libraries, and learn about the new plugin system that allows for triggering alerts with any stream of events. Discover the technical details of source and extractor plugins, their implementation, and settings. Gain insights into the Plugin SDK Go, its benefits, and how to get started. Examine real-world applications, such as the AWS Cloudtrail and JSON plugins, through a live demonstration. Understand ongoing developments like shared libraries for plugins and see how Falco can be applied to pet surveillance. Conclude with useful links and information on how to contribute to the Falco project.

Syllabus

Intro
What is Falco: Reminder
What is Falco: Now
Falco Architecture
libscap aka library for System Capture
libsinsp aka library for System INSPection
Falco: the Evolution
Plugins: Technical Details
Plugins: 2 Flavors
Source plugins: Sequence Diagram
Extractor plugins: Sequence Diagram
Plugins: Settings
Plugins: Technical Caveats
Plugin SDK Go: Why
Plugin SDK Go: Getting started
Plugins: The Registry
AWS Cloudtrail Plugin
JSON Plugin
Demo Time
WIP: Shared libs/modules for plugins
Falco with Real World: Pet Surveillance
Useful links
Contribute to Falco

Taught by

CNCF [Cloud Native Computing Foundation]
