From the course: Kubernetes Threat and Attack Detection by Pearson
Join today to access over 25,200 courses taught by industry experts.
Understanding syscall behavioral analysis - Kubernetes Tutorial
From the course: Kubernetes Threat and Attack Detection by Pearson
Understanding syscall behavioral analysis
What is behavioral analysis? The concept of behavioral analysis comes down to a process. And this process's entire purpose is to watch the different events or actions that are happening within your environment to determine if those different actions or events are potentially malicious or if they're benign. Now, ultimately, there are a number of tools you can use for this. S-Trace is one that's available within practically every Linux platform that's out there. You've got Falco, Tracy, Tetragon. All these are examples of some really sophisticated tools that you can use to be able to take a look at what's happening at the process or syscall level. Because ultimately, that's going to be the best indication as to what's happening within your pod or container environment. Now, these various tools, we're going to focus on specifically Strace, and Falco, because those are the ones you're most likely to see on the exam. Now, when it comes to Linux syscall, we've seen this before. The idea is…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
-
(Locked)
Learning objectives43s
-
(Locked)
Understanding syscall behavioral analysis12m 28s
-
(Locked)
Using Falco for threat detection7m 14s
-
(Locked)
Falco host installation14m
-
(Locked)
Falco Kubernetes installation13m 51s
-
(Locked)
Falco configuration and rules7m 42s
-
(Locked)
Falco custom rules in action19m 17s
-
(Locked)
-
-