Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

CNCF [Cloud Native Computing Foundation]

Intro to Falco - Intrusion Detection for Containers

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore runtime monitoring and intrusion detection for containers in this 36-minute talk from Shane Lawrence of Shopify. Learn how to protect Kubernetes clusters from malicious behavior using Falco, an open-source tool that combines kernel-level visibility with cluster-level awareness. Discover how to implement security policies, detect violations, and monitor containers in high-volume cloud environments. Gain insights on deploying Falco at scale, implementing and modifying rulesets, avoiding common pitfalls with eBPF probes and kernel modules, and managing alert volume. Understand real-world use cases, including detecting suspicious shell access in containers and addressing CVE-2020-8557.

Syllabus

Intro
Intro to "Intro to Intro to Falco"
The case for Falco
Deploying Falco
Modifying rules
Normalization
Suspicious shell access in container
Use case: instance metadata service (privileged)
Use case: CVE-2020-8557
Managing alerts

Taught by

CNCF [Cloud Native Computing Foundation]

Reviews

Start your review of Intro to Falco - Intrusion Detection for Containers

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.