Threat Hunting at Scale - Auditing Thousands of Clusters With Falco and Fluent
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore a comprehensive threat hunting strategy for auditing thousands of Kubernetes clusters using Falco and Fluent Bit. Learn how Trendyol tackles the challenge of tracking components, resources, users, and teams across their extensive production-grade Kubernetes infrastructure. Discover the power of Kubernetes audit logs in monitoring cluster changes, and see how Falco consumes kernel events, enriching them with Kubernetes information. Understand the role of Fluent Bit in collecting logs from various sources, including containers and Falco, and how it extends them with filters before sending to multiple destinations. Dive into the implementation of a highly-available log aggregation system using Loki, and learn about creating and managing alerting rules for log data. Follow along as the speakers combine these elements to introduce a novel Audit Monitoring System, complete with demonstrations and insights into overcoming challenges in large-scale threat hunting.
Syllabus
Introduction
Presentation Overview
Falco Overview
Falco Data Pipeline
Why Falco with Log Processor
Monitoring
Log Query
Log Organization
Metric Queries
Challenges
Specs
Dashboards
Demo
Bonus
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Computer Security - Stanford University via Coursera
Cryptography II - Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story - University of London International Programmes via Coursera
Building an Information Risk Management Toolkit - University of Washington via Coursera
Introduction to Cybersecurity - National Cybersecurity Institute at Excelsior College via Canvas Network