Upgrade to Pro — share decks privately, control downloads, hide ads and more …

FalcOMG That's Awesome

Leonardo Di Donato
May 06, 2021
Technology
0
200

FalcOMG That's Awesome

On this panel, the Falco maintainers will discuss the great things happening in Falco a cloud-native runtime security project, the de facto Kubernetes threat detection engine. This panel of key Falco maintainers will cover:
- Brief Overview of Falco and its history
- Updates on Falco and its subprojects (Falco, falcosidekick etc)
- Contributions of the core drivers and libraries (libsinsp , libscap, the kernel module driver the eBPF driver source) and what this means for the community
- Roadmap Capabilities.

What's Coming!

Interactive QA on what you would like to see in the project.

Leonardo Di Donato

May 06, 2021
Tweet

More Decks by Leonardo Di Donato

See All by Leonardo Di Donato
Coverage for eBPF programs
leodido
2
300
Scheduling eBPF on K8S doesn't have to be difficult
leodido
0
220
Bypass Falco
leodido
0
150
Falco: runtime security analysis through syscalls
leodido
2
500
Going Beyond CI/CD with Prow
leodido
0
190
Designing a gRPC Interface for Kernel Tracing with eBPF
leodido
0
470
Falco, runtime security analysis through syscalls
leodido
0
230
Cloud Native eBPF Instrumentation
leodido
7
760
Go eBPF superpowers
leodido
0
340

Other Decks in Technology

See All in Technology
KARTEのAPIサーバ化
line_developers
PRO
1
250
生活感のあるアーキテクチャ
pharma_x_tech
0
280
R Not Only in Production
karawoo
0
240
ヒューリスティックコンテストで機械学習しよう
nagiss
7
2.3k
今改めて見直してみるラズパイの真価
hamadakoji
1
140
サービスへの影響を抑えてデータベースの移行を実施したはなし Aurora MySQL -> Cloud SQL
pistatium
0
120
UIコンポーネントライブラリをうまく使うためにできること / components-with-designer
mottox2
4
2.3k
360度写真を使った 屋内地図の作成
kawajiritakayuki
0
150
Google Cloud Updates 2023/08/16 - 2023/08/31
no24oka
1
100
MySQLで処理するGIS 〜地球が丸いことを覚えたMySQL〜 Ver. 3?/mysql_gis_sphere
kochizufan
0
130
如何在 Elasticsearch 實現敏捷的資料建模與管理 @ DevOpsDays Taipei 2023
unclejoe
0
160
Mutating Meetup with GraphQL
adavis
1
560

Featured

See All Featured
Designing on Purpose - Digital PM Summit 2013
jponch
108
6.1k
Keith and Marios Guide to Fast Websites
keithpitt
407
21k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
6
7.1k
Designing for Performance
lara
601
66k
The Power of CSS Pseudo Elements
geoffreycrofte
56
4.6k
Practical Orchestrator
shlominoach
179
9.3k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
12
5.7k
Become a Pro
speakerdeck
PRO
8
3.5k
Product Roadmaps are Hard
iamctodd
42
8.7k
It's Worth the Effort
3n
179
27k
Designing the Hi-DPI Web
ddemaree
274
33k
The World Runs on Bad Software
bkeepers
PRO
59
6k

Transcript

  1. Falco OMG!
    PART 1
    gh:falcosecurity/falco

    View Slide

  2. Open Source Software Engineer
    Falco Maintainer
    Sysdig
    A talk with a lot of hand gestures
    2
    Leonardo Grasso
    Open Source Software Engineer
    Falco Maintainer
    Sysdig
    Leonardo Di Donato

    View Slide

  3. A timeline always works fine
    Falco created to
    parse libsinsp
    events!
    May 2016
    Accepted as a
    CNCF
    incubation level
    hosted project
    Jan 2020
    Sysdig Inc.
    donated Falco
    to the CNCF
    Oct 2018
    3
    May 2019
    Falco
    Community
    Calls start!
    @leodido + @leogr

    View Slide

  4. Falco release process 🔗
    is now fully open!
    ● Coherent SemVer 2 versioning 🌀
    ● Falco drivers versions
    ● Artifacts 📦 🐳
    ● Fully automated
    Join our Community Calls and propose
    yourself to be part of the next release
    team!
    @leodido + @leogr

    View Slide

  5. New contributors YaY!
    😺
    ❏ IBM
    ❏ Amazon
    ❏ Mercari
    ❏ Hetzner Cloud
    ❏ DeltaTre
    ❏ VMWare
    ❏ move:elevator
    gh:falcosecurity/.github/maintainers.yaml
    @leodido + @leogr

    View Slide

  6. Falco Open Infra
    ❏ EKS
    ❏ Kubernetes
    ❏ Prow
    ❏ ProwJob
    ❏ Plugins
    Thanks to Jonah & Max too!
    prow.falco.org 🔗
    gh:falcosecurity/test-infra 🔗
    ❏ How Falco uses Prow on AWS for open source testing
    ❏ By leodido and jonahjon @ AWS blog
    ❏ Going Beyond CI/CD with Prow
    ❏ By leodido @ KubeCon NA 2020
    ❏ Drivers Build Grid
    ❏ By leodido, fntlnz, and jonahjon
    ❏ Update maintainers list + ProwJob definition
    ❏ By leodido
    ❏ Update K8S manifests + ProwJob definition
    ❏ By leogr
    @leodido + @leogr

    View Slide

  7. download.falco.org
    🔗
    ❏ Packages
    ❏ RPM
    ❏ DEB
    ❏ Binary
    ❏ Drivers (more than 3,5K)
    ❏ Amazon Linux 1 & 2
    ❏ Ubuntu & Ubuntu AWS
    ❏ CentOS
    ❏ Debian
    @leodido + @leogr

    View Slide

  8. Contribution of the libraries
    and the drivers to the CNCF

    View Slide

  9. Contribution of the
    libraries and the drivers
    ❏ Libraries
    ❏ libsinsp
    ❏ libscap
    ❏ Drivers
    ❏ Kernel module
    ❏ eBPF probe
    @leodido + @leogr
    proposal 🔗
    blog post 🔗

    View Slide

  10. We go grab a coffee before you ask questions...
    10
    falcosidekick turn
    now!
    ❏ twitter.com/leodido
    ❏ github.com/leodido
    ❏ twitter.com/leogrease
    ❏ github.com/leogr
    ❏ github.com/falcosecurity/falco
    ❏ github.com/falcosecurity/libs
    ❏ kubernetes.slack.com/messages/falco

    View Slide

  11. Connect Falco to your
    ecosystem with Falcosidekick
    Falco OMG! PART 2
    gh:falcosecurity/falcosidekick

    View Slide

  12. less gesture but still a moustashe
    12
    Thomas Labarussias
    SRE at Qonto
    Falco Contributor
    Falcosidekick Creator

    View Slide

  13. Falco architecture
    13

    View Slide

  14. What is Falcosidekick
    14
    push
    push
    push
    push
    pull
    push
    push
    push
    push
    only if priority > critical

    View Slide

  15. What is Falcosidekick
    15
    github.com/falcosecurity/falcosidekick
    chat logs queue/streaming
    faas metrics alerting storage
    and more ...
    Connects Falco to
    your ecosystem

    View Slide

  16. Respond to threats
    16
    AWS Lambda
    Kubeless
    OpenFaas
    Knative
    Detection Notification
    Action

    View Slide

  17. Demo
    17

    View Slide

  18. “how to translate Falco
    website into your language”
    turn now!
    ❏ github.com/Issif
    ❏ github.com/falcosecurity/falcosidekick
    ❏ github.com/falcosecurity/falcosidekick-ui

    View Slide

  19. Falco i18n
    Falco OMG! PART 3
    gh:falcosecurity/falcosidekick

    View Slide

  20. “In real open source, you have the right to control your own destiny.” Linus
    Torvalds
    20
    Radhika Puthiyetath
    Principal Technical Writer, Sysdig Inc.
    Falco Maintainer

    View Slide

  21. Falco i18n
    21
    ● Contributor Guidelines
    ● Translation Guidelines
    ● OWNER File
    ● config.toml
    ● i18n directory
    ● content directory

    View Slide

  22. Let us grab a coffee and talk more about i18n
    Thank You

    View Slide