1. Moscone South

This talk will show how, on a large container deployment, the speaker achieved insight into security events like file events on sensitive files, system call auditing, user level activity trail, network activity, etc., by customizing and plumbing a stack of open source tools that use the underlying Linux’s inotify and kernel audit components and by aggregating these events centrally in Elasticsearch.

Learning Objectives:
1: Learn about FIM and system call analysis using FOSS.
2: Gain insights from presenter’s experience implementing a large-scale solution.
3: See how easy access to insight into events can help secure an environment.

Download pdf