What are your users kubectl-ing into your Kubernetes cluster? - TIB AV-Portal

What are your users kubectl-ing into your Kubernetes cluster?

Formale Metadaten

Titel

What are your users kubectl-ing into your Kubernetes cluster?

Serientitel

Anzahl der Teile

561

Autor

Lizenz

CC-Namensnennung 2.0 Belgien:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.

Identifikatoren

10.5446/44653 (DOI)

Herausgeber

Erscheinungsjahr

Sprache

Inhaltliche Metadaten

Fachgebiet

Genre

Abstract

In any Cloud Native architecture, there’s a seemingly endless stream of events that happen at each layer. These events can be used to detect abnormal activity and possible security incidents, as well as providing an audit trail of activity. In this talk, we’ll cover how we extended Falco, the container behavior monitoring tool to ingest events beyond just host system calls, such as Kubernetes audit events. We will also show how to create Falco rules to detect behaviors in these new event streams, eg: a user trying to create a serviceAccount or storing some credentials in a ConfigMap rather than on a Secret. Attendees will gain a deep understanding of Kubernetes audit system, and how to audit and trigger events based on Kubernetes anomalous behavior.