Overview
Dive into the world of cloud-native runtime security with this comprehensive video on Falco, the open-source project and de facto Kubernetes threat detection engine. Learn about Falco's origins, its role in the CNCF, and how it detects unexpected application behavior and alerts on threats at runtime. Explore Linux requirements, installation processes, and default rules. Gain hands-on experience by triggering Falco alerts, sending Kubernetes events to a web-hook receiver, and integrating Kubernetes Auditing. Discover the Falco Evolution repository and the concept of userspace Falco with pdig. Throughout the video, engage with practical demonstrations, including storing "secrets" in ConfigMaps and breaking Falco rules intentionally. Perfect for those looking to enhance their cloud security knowledge and implement robust threat detection in Kubernetes environments.
Syllabus
- Holding screen
- Introductions
- What is Falco?
- Linux requirements for Falco
- Installing Falco
- Making Falco angry Breaking a Falco rule
- Falco default rules
- Manually sending Kubernetes events to Falco web-hook receiver
- Adding Kubernetes Auditing to Falco
- Triggering Falco from Kubernetes Storing "secret" in a ConfigMap
- What is Falco Evolution repository?
- Falco pdig Userspace Falco
- Question: Is there a GUI?
Taught by
Rawkode Academy