FIM and System Call Auditing at Scale in a Large Container Deployment


Posted on in Presentations

This talk will show how, on a large container deployment, the speaker achieved insight into security events like file events on sensitive files, system call auditing, user level activity trail, network activity, etc., by customizing and plumbing a stack of open source tools that use the underlying Linux’s inotify and kernel audit components and by aggregating these events centrally in Elasticsearch.

Learning Objectives:
1: Learn about FIM and system call analysis using FOSS.
2: Gain insights from presenter’s experience implementing a large-scale solution.
3: See how easy access to insight into events can help secure an environment.

Participants
Ravi Honnavalli

Participant

Staff Engineer, Walmart

Analytics Intelligence & Response

cloud security governance risk & compliance security analytics audit


Topic

Subtopic


Share With Your Community