Container Security Workshop
![](https://www.socallinuxexpo.org/sites/default/files/styles/square_thumbnail/public/speakers/CNCF-Presenting%20small.jpeg?itok=1sjz6Qu2)
In this workshop we'll cover how to implement runtime security for containerized environments using the open source project Falco (falco.org). We'll cover the following:
- Learn how to create rules for an application. We'll take a containerized application and create Falco rules to detect abnormal behavior in the application. We'll profile an application's system calls, then use the profile to create application specific rules.
- Learn how to alert on Kubernetes audit events like deployment creation, kubectl exec, privileged container creation, and other interactions with the Kubernetes API.
- Learn how to leverage Serverless frameworks to react to security incidents. Delete offending pods, prevent nodes from being scheduled, and alert to Slack.