CNCF [Cloud Native Computing Foundation]

Threat Hunting at Scale - Auditing Thousands of Clusters With Falco and Fluent

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore a comprehensive threat hunting strategy for auditing thousands of Kubernetes clusters using Falco and Fluent Bit. Learn how Trendyol tackles the challenge of tracking components, resources, users, and teams across its extensive production-grade Kubernetes infrastructure. Discover the power of Kubernetes audit logs in monitoring cluster changes, and see how Falco consumes kernel events and enriches them with Kubernetes metadata. Understand the role of Fluent Bit in collecting logs from various sources, including containers and Falco, and how it extends them with filters before sending them to multiple destinations. Dive into the implementation of a highly available log aggregation system using Loki, and learn about creating and managing alerting rules for log data. Follow along as the speakers combine these elements to introduce a novel Audit Monitoring System, complete with demonstrations and insights into overcoming the challenges of large-scale threat hunting.

Syllabus

Introduction
Presentation Overview
Falco Overview
Falco Data Pipeline
Why Falco with Log Processor
Monitoring
Log Query
Log Organization
Metric Queries
Challenges
Specs
Dashboards
Demo
Bonus

Taught by

CNCF [Cloud Native Computing Foundation]
