Intro to Falco - Intrusion Detection for Containers
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore runtime monitoring and intrusion detection for containers in this 36-minute talk from Shane Lawrence of Shopify. Learn how to protect Kubernetes clusters from malicious behavior using Falco, an open-source tool that combines kernel-level visibility with cluster-level awareness. Discover how to implement security policies, detect violations, and monitor containers in high-volume cloud environments. Gain insights on deploying Falco at scale, implementing and modifying rulesets, avoiding common pitfalls with eBPF probes and kernel modules, and managing alert volume. Understand real-world use cases, including detecting suspicious shell access in containers and addressing CVE-2020-8557.
Syllabus
Intro
Intro to "Intro to Intro to Falco"
The case for Falco
Deploying Falco
Modifying rules
Normalization
Suspicious shell access in container
Use case: instance metadata service (privileged)
Use case: CVE-2020-8557
Managing alerts
Taught by
CNCF [Cloud Native Computing Foundation]