Name: Deep Dive: Falco - Michael Ducy, Sysdig
Start: 2019-05-22T11:55:00+0200
End: 2019-05-22T12:30:00+0200

Barcelona, Spain
May 20–23, 2019
Click here for more information and registration

View Conference Venue and Sponsor Showcase Map

Back To Schedule

Deep Dive: Falco - Michael Ducy, Sysdig

Feedback form is now closed.

In any Cloud Native architecture there’s a seemingly endless stream of events that happen at each layer. These events can be used to detect abnormal activity and possible security incidents, as well as providing an audit trail of activity. In this talk we’ll cover how we extended Falco to ingest events beyond just host system calls, such as Kubernetes audit events or even application level events. We will also show how to create Falco rules to detect behaviors in these new event streams. We show how we implemented Kubernetes audit events in Falco, and how to configure the event stream. Finally, we will cover how to create additional event streams leveraging the generic implementation Falco provides. Attendees will gain deep understanding of Falco’s architecture, and how it custom Falco for additional events sources.

Speakers

Michael Ducy

Director of Open Source, Sysdig

Michael Ducy started his technology journey at a young age. Always curious, he was once threatened that he’d never have toys bought for him again if he didn’t stop taking them apart to see how they worked. His first workbench was given to him at the age of 5. His first programming... Read More →

Wednesday May 22, 2019 11:55 - 12:30 CEST
Hall 8.0 E5

Maintainer Track

Skill Level Intermediate (Mid-level experience)
Link to Session Recording https://youtu.be/maz3vS4tCqQ

KubeCon + CloudNativeCon Europe 2019

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Michael Ducy