From the course: Kubernetes Threat and Attack Detection by Pearson
Falco configuration and rules - Kubernetes Tutorial
Falco rules are set in place to be able to address a number of different things. First of all, Falco rules are really what defines what is going to be monitored, as well as how you identify any type of suspicious activity in the system. Now, the rules are going to be written in YAML format, so they're very flexible in how you can construct them, and the syntax is pretty easy to understand. Now, there are a number of key components. You're going to have rules, macros, and lists. Those are the basic building blocks for creating the various policies, as well as the monitoring definitions, that you're going to put into Falco. Now, creating a rule is pretty straightforward. You're going to have a number of required fields. Now, there are five primary required fields. The first one is the rule. This needs to be a unique name. There's a description that's going to be used to describe the rule itself. And then there's a condition. And this is where…
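The transcript stops before it finishes listing the required fields. As an added example, not taken from the course or from Falco's default ruleset, the file below shows the three building blocks the instructor names (a list, macros, and a rule) together with the five fields Falco requires on every rule: rule, desc, condition, output and priority. The macro and list names, the set of shell binaries and the detection logic itself are assumptions chosen for illustration.

```yaml
# Added example, not part of the course material.
# A minimal Falco rules file: one list, two macros, one rule.
# Names and the flagged binaries are illustrative assumptions.

# A list is a reusable set of values that a condition can test against.
- list: interactive_shell_binaries
  items: [bash, sh, dash, zsh]

# A macro is a reusable condition fragment.
# This one matches the return side of a process execution event.
- macro: proc_exec
  condition: evt.type in (execve, execveat) and evt.dir = <

# True only for events that originate inside a container (the host has
# container.id = host).
- macro: in_container
  condition: container.id != host

# The rule itself, with the five required fields.
# proc.tty != 0 restricts the match to shells attached to a terminal,
# which is what an operator running "kubectl exec -it" produces; scripted
# non-interactive shells are left alone to keep noise down.
- rule: Interactive Shell Spawned in Container
  desc: An interactive shell was started inside a container, which is unusual for a hardened workload and often precedes manual post-exploitation activity.
  condition: >
    proc_exec and in_container and
    proc.name in (interactive_shell_binaries) and
    proc.tty != 0
  output: >
    Interactive shell in container (user=%user.name container=%container.name
    image=%container.image.repository shell=%proc.name parent=%proc.pname
    cmdline=%proc.cmdline)
  priority: WARNING
  tags: [container, shell, mitre_execution]
```

Load the file with `falco -r rules.yaml`, or check it for syntax and unknown field errors without starting the engine using `falco -V rules.yaml`; `falco --list` prints every field name the installed engine supports, which is the quickest way to confirm that fields such as `proc.tty` or `container.image.repository` are available before relying on them in an output string. If this file is loaded alongside the default ruleset, keep the list, macro and rule names distinct from the defaults: a definition that reuses an existing name replaces the original rather than extending it unless it is explicitly marked as an append.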
Contents

- Learning objectives (43s)
- Understanding syscall behavioral analysis (12m 28s)
- Using Falco for threat detection (7m 14s)
- Falco host installation (14m)
- Falco Kubernetes installation (13m 51s)
- Falco configuration and rules (7m 42s)
- Falco custom rules in action (19m 17s)