A 10-Step Guide for Integrating Security Metrics Into Your Observability Stack

Discover a comprehensive 10-step guide for seamlessly integrating security metrics into your observability stack in this informative conference talk. Learn how to enhance your application's robustness by combining security tooling with existing observability processes. Explore the benefits of using the Prometheus ecosystem to manage and correlate metrics from different services, including security tools. Follow along as the speaker demonstrates how to integrate Trivy metrics with Prometheus, using the open-source security scanner as an example. Gain insights into understanding your needs, choosing a cloud-native security scanner, setting up dashboards and alerts, correlating metrics, and optimizing your approach. Acquire valuable tips for improving your team's security practices and expanding beyond basic security scanning.

Intro
Understanding your need
Choosing a cloud native Security Scanner
Setting it up & Making sure everything is running properly
Setting up a dashboard
What are metrics without alerts
Correlating Metrics
Some additional tips
Optimise based on what works for your team
Don't stop at security scanning