Introduction to Runtime Security in Containers

We will use Sysdig Secure to detect abnormal behaviour in our containers.

Course Description

In this scenario we will use Sysdig Secure to detect anomalous activity and investigate the incident, even if the affected container no longer exists.

Goals

  • Explore the default policies
  • Customize a policy to capture all syscalls happening around a security event
  • Use Sysdig Secure to detect an interactive shell in a container
  • Investigate the incident and find out exactly what happened

Competencies required

If you have not done so yet, it is a good idea to complete the Falco scenarios before this one.

You will play both the attacker and defender (sysadmin) roles, verifying that the intrusion attempt has been detected by Sysdig Secure.

Curriculum

  • Introduction to Runtime Security in Containers
  • Next Steps
  • What's next?
