It is very important to understand behavioral analytics. Your explanation is detailed enough to understand Falco rules and how to implement them. Thank you Ramana!!
My pleasure
I see here for the first time one YouTube that explained it all in one. Bravo, superb.
Thanks and welcome
It’s very useful and your content of explanation is very awesome and get cleared, thanks for your CKS
Great to hear. Thanks
Thank you, sir, for making the nice video regarding Falco, it was really helpful. I would like to ask you a question about the Falco rule of "Analyse the container behavior for at least 20 seconds, using filters that detect newly spawning and executing processes in a single container of Nginx". Could you please help me with it?
Sir, excellent video and great demo. My question: what is your K8s cluster setup like? Is it minikube running on your Apple laptop, or is it an AWS EKS cluster with a Master and Node? If I want to set up on my Apple laptop with minikube just for a demo, will it work?
Yes, you can use a minikube single-node Kubernetes cluster for practice. Otherwise, the other approach is a 2 or more node k8s cluster using Vagrant. The GitHub link is in the description. For CKS practice you need to modify the control plane, hence the Vagrant cluster is best.
@learnwithgvr do you have the instructions for creating a 2 node cluster with Vagrant?
@kumar.jayanti9700 github.com/ramanagali/k8s-cluster
Use this to create your own cluster
Thanks for the great video. Is there any way to log the Kubernetes user who exec'd into a pod and executed some commands?
Not that I know of. For such requirements, Falco kind of malicious activity monitoring tools will. For example, if only exec, we make use of a Falco rule by tweaking some indicator from shell. Another way, if you know Golang, is to build a custom plugin which will help to do the required operation/event.
Sir, in the CKS exam how do we know which rule to copy from /etc/Falco/falco_rules.yaml to /etc/Falco/falco_rules.local.yaml? Will they give which rule to copy in the question, or how does that work, sir? Please just tell me if they will give it in the question or how it works. Please do reply, sir. I will be waiting.
In the question they will give you the title. We need to search for a similar one in falco.yaml. Also keep in mind whether it is INFO, Warning or ERROR etc.; based on that you need to copy the existing one.
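The lookup-and-copy step described in the reply above, as an added example that is not part of the original thread or the channel's material. The function names and the two sample rules are constructed for illustration; the sample is an abridged stand-in, not the rules file shipped with Falco.

```shell
# Added example: copy one rule, selected by title, into the local rules file.
# Top-level items start with "- " in column 0, so a rule block ends at the next one.
# extract_rule FILE TITLE: print the rule whose title line contains TITLE.
extract_rule() {
  awk -v want="$2" '
    /^(- |#)/ { keep = 0 }
    /^- rule:/ && index(tolower($0), tolower(want)) { keep = 1 }
    keep && NF' "$1"
}

# count_rules FILE TITLE: how many rule title lines contain TITLE.
count_rules() {
  awk -v want="$2" '/^- rule:/ && index(tolower($0), tolower(want)) { n++ }
    END { print n + 0 }' "$1"
}

# copy_rule SRC DST TITLE: append the rule to DST only if TITLE is unambiguous.
copy_rule() {
  n=$(count_rules "$1" "$3")
  [ "$n" -eq 1 ] || { echo "expected 1 rule matching '$3', found $n" >&2; return 1; }
  extract_rule "$1" "$3" >> "$2"
}

# make_sample FILE: write a constructed, abridged rules file for the demo.
make_sample() {
  cat > "$1" <<'EOF'
- macro: spawned_process
  condition: (evt.type in (execve, execveat) and evt.dir=<)

- rule: Terminal shell in container
  desc: A shell was spawned in a container with an attached terminal
  condition: spawned_process and container and shell_procs and proc.tty != 0
  output: "Shell in container (user=%user.name container=%container.name)"
  priority: NOTICE

# Constructed second rule
- rule: Write below etc
  condition: write_etc_common
  output: "File below /etc opened for writing (file=%fd.name)"
  priority: ERROR
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir/falco_rules.yaml"
copy_rule "$demo_dir/falco_rules.yaml" "$demo_dir/falco_rules.local.yaml" "terminal shell"
cat "$demo_dir/falco_rules.local.yaml"; rm -rf "$demo_dir"
```

The copied block keeps its original `priority:` line, so the severity asked for in the question can be compared against it before editing the copy.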
Sir, how do I get output to a file for Falco as a DaemonSet? I configured falco.yaml with file_output=true but am not getting it. Should I create the file in the path, or is it automatically created when I configure file_output=true?
Please respond.
If you are using Falco as a DaemonSet (using Helm), your Falco configuration is in a ConfigMap. Check the ConfigMap and modify/override accordingly. Remember falco.yaml is applicable when you use the Linux service based approach. Check my video again and/or read the documentation.
@learnwithgvr thank you sir
Which zsh theme are you using?
I am using powerlevel10k & kubecolor
How to download and set up Slack and containers to monitor using Falco in Kali Linux software.
Refer to its official documentation, falco.org/docs/getting-started/installation/; if not, install using a DaemonSet.
@learnwithgvr okay, thank you. Do I set up and connect the master node and slave node in Kubernetes and then start working with Falco installation and next steps?
Yes, correct. Once your cluster is ready, follow the documentation steps. Refer to my video steps.