From the course: Certified Kubernetes Security Specialist (CKS) Cert Prep


Using Falco for threat detection


- So what is Falco? Falco is a platform that is specifically called out in the CKS exam, and you have access to all of its documentation on the exam itself. So this is one that will be used to help identify malicious behavior in a Kubernetes cluster. Falco is a Cloud Native Computing Foundation open-source project. It was created by Sysdig. They do have a commercial variation of Falco that they offer, but Falco is a community project, and it has some amazing capabilities for free. Now, it's designed to detect any type of anomalous activity on the host or in the container. And Falco is not necessarily just a Kubernetes project. It also has the ability to be added as an intrusion detection system on a standard Linux host. You can also set policies and all kinds of other aspects of it, to look at things like reading and writing of files, what an individual or what a process has access to, execution of binaries, or the ability to make…
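The capabilities the instructor lists (file writes, process execution, what a process is doing) are expressed in Falco as rules. Below is an added example rules file, written for this page and not taken from the course or from Falco's own default ruleset. It defines the two macros it needs inline so it loads on its own, and the rule names, output strings and the `/etc/` path prefix are illustrative choices, not anything Falco ships. It assumes a Falco deployment on the cluster nodes where the file can be passed with `-r`.

```yaml
# custom_rules.yaml (added example; not part of the course or the Falco default rules)
#
# Two detections a CKS candidate is typically asked to write:
#   1. an interactive shell started inside a container (execution of binaries)
#   2. a write to a file under /etc from inside a container (writing of files)
#
# The macros below mirror the shape of the ones in Falco's default ruleset but are
# defined here so this file validates and loads stand-alone.

- macro: container
  # Events from the host itself carry the literal container id "host".
  condition: (container.id != host)

- macro: spawned_process
  # A successful execve/execveat return (evt.dir=<) is a newly running program.
  condition: (evt.type in (execve, execveat) and evt.dir=<)

- macro: open_write
  # A file descriptor opened with a write flag on a regular file.
  condition: (evt.type in (open, openat, openat2) and evt.is_open_write=true and fd.typechar='f' and fd.num>=0)

- list: shell_binaries
  items: [bash, sh, zsh, ash, dash]

- rule: Shell Spawned in Container
  desc: A shell process was started inside a container, which is unusual for a built image and often the first step of an interactive intrusion.
  condition: >
    spawned_process and container and proc.name in (shell_binaries)
  output: >
    Shell spawned in container (user=%user.name container=%container.name
    image=%container.image.repository shell=%proc.name parent=%proc.pname
    cmdline=%proc.cmdline k8s_pod=%k8s.pod.name k8s_ns=%k8s.ns.name)
  priority: WARNING
  tags: [container, shell, execution]

- rule: Write Below Etc in Container
  desc: A process inside a container opened a file under /etc for writing; config tampering or credential dropping.
  condition: >
    open_write and container and fd.name startswith /etc/
  output: >
    File below /etc opened for writing in container (user=%user.name
    container=%container.name image=%container.image.repository file=%fd.name
    command=%proc.cmdline parent=%proc.pname)
  priority: ERROR
  tags: [container, filesystem, persistence]
```

To check the file before loading it, run `falco -V custom_rules.yaml` on a node; then start Falco with `falco -r custom_rules.yaml` (or drop the file where your Falco installation reads its rules from) and trigger the first rule with `kubectl exec -it <pod> -- sh` and the second with something like `touch /etc/test` from inside that shell. Each match is printed in the format given by the rule's `output` line, so the `%k8s.pod.name` and `%k8s.ns.name` fields are what let you map an alert back to a workload during the exam.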
