Seattle, WA
December 10–13, 2018
Thursday, December 13 • 3:40pm - 4:15pm
Deep Dive: Falco - Mark Stemm, Sysdig

In any Cloud Native architecture, there’s a seemingly endless stream of events that happen at each layer. These events can be used to detect abnormal activity and possible security incidents, as well as to provide an audit trail of activity. In this talk, we’ll cover how we extended Falco to ingest events beyond just host system calls, such as Kubernetes audit events or even application-level events. We will also show how to create Falco rules to detect behaviors in these new event streams. We show how we implemented Kubernetes audit events in Falco, and how to configure the event stream. Finally, we will cover how to create additional event streams leveraging the generic implementation Falco provides. Attendees will gain a deep understanding of Falco’s architecture, and how to customize Falco for additional event sources.

Speakers
Mark Stemm

Senior Software Engineer, Sysdig
Mark is a Senior Software Engineer at Sysdig. He has a B.S. in Math/CS from Carnegie Mellon University and an M.S./Ph.D. in Computer Science from the University of California, Berkeley. He's worked at Fast Forward Networks on the first generation of internet-based live video broadcasting...



Thursday December 13, 2018 3:40pm - 4:15pm PST
Tahoma 5 @ TCC The Conference Center (TCC) - Separate from WSCC building
  Maintainers Track