►
Description
As DevOps teams ramp Kubernetes in production, their responsibilities expand beyond monitoring, capacity management and troubleshooting to include security and compliance. Teams are looking to merge these two functions into a single secure DevOps workflow. It's time to think about runtime security and compliance requirements in the context of cloud native platforms.
In this talk, you will learn about detecting abnormal behavior and validate compliance in your running Kubernetes workloads using Falco, a CNCF project for runtime security. You will also learn how Sysdig Secure extends the Falco detection engine, offering the industry's first K8s-native threat prevention and incident response tool.
A
B
B
But
before
we
get
started,
I
want
to
give
you
a
little
bit
of
context
about
what's
the
sake,
what
as
a
project
or
as
an
open-source
project
as
a
company
and
then
what
exactly
their
relationship
with
luck.
So
cystic
is
started
in
2013
as
an
open
source
project
for
Linux
kernel
out
tracing
with
container
support
production
ready.
You
can
understand
that
as
an
evolution
from
epidamnum
and
we're
sure
from
the
network
into
the
entire
operating
system.
B
All
the
system
calls
happening
in
that
kernel
and
we
can
use
that
to
gain
visibility
into
what's
happening
inside
containers
and
since
they
can't
cover
need
to
support.
So
that's
how
the
probably
get
started.
A
year
later,
a
company
was
the
started
from
the
people
who
created
the
product,
the
project,
so
cystic
monetary
was
a
commercial
product
out
today,
kunti
Prometheus
monitoring,
performance
and
availability
manager.
A
few
years
later,
Sizzix
secure
was
larger
using
the
same
technology,
helping
implement
security.
Looking
at
worlds
have
an
inside
the
containers.
B
You
can
find
plenty
of
open
source
projects
that
were
born
at
the
state
courses,
like
has
contributed,
say
success
against
banks
Falco,
and
we
have
also
contributed
to
be
pfm
Prometheus
our
projects,
but
how
Fulk
effects
in
the
this
picture?
Well,
Falco
was
originally
started
by
says
they
the
company,
but
it's
currently
run
independently
by
our
community
and
it's
their
the
CN
CF
Umbra
since
last
year.
Right
now,
it's
sandbox
our
project,
but
hopefully
we'll
be
in
the
incubation
fee
in
an
ongoing
open
proposal
to
make
a
change.
B
Well,
we
need
to
answer.
Why
do
we
need
a
runtime
security?
Do
you
understand
why
we
are
talking
today
about
about
their
stuff?
Typically,
when
we
are
approaching
implementing
security
include
medium
stocks,
the
first
hard
we
comes
we
get
to,
but
it
comes
to
our
minds
is
like
alright.
Let's
deliver,
it
is
canon
typically
either
from
our
our
container
registries
or
CSU
the
pipeline.
Then,
let's
set
up
some
kind
of
like
user
identification
and
a
fixation
system,
so
I
can
set
up
the
permissions
on
might
governance
class,
but
it's
not
enough.
B
Can
we
make
sure
and
then
security
properly,
when
even
if
we
implement
all
these
things,
we
need
to
make
sure
that
these
layers
is
top
from
happening
all
the
bad
things.
We
don't
want
to
happen
basically-
and
this
is
what
runtime
security
is
about.
Actually,
when
I
explain,
Wrentham
security
I
like
T
splitted
in
four
blocks
or
faces
number
four,
a
number
one
step:
it's
a
prevention
or
the
enforcement.
This
is
basically
when
we
set
up
all
the
permissions
and
govern
it
is
on
what
you
can
do
and
what
you
cannot
do.
B
The
next
step
is
the
detection
or
the
audit.
These
basically
tell
us
if
those
are
barriers,
they
were
effective
or
something
went
through
the
third
step.
It's
having
the
opportunity
to
lock
those
attacks
like
basically,
if
we
were
implementing
a
firework
but
again
against
the
entire
system,
not
just
never
a
step
number
four,
sometimes
ignore
or
miss
with
this
cell
very
important,
it's
being
able
to
add
it
and
record
everything,
so
we
can
do
effective,
Incident
Response
on
forensics,
so
prevention,
detection,
blocking
and
incident
response
and
Friends.
B
When
we
talk
about
prevention,
as
I
was
saying
before
this
is
basically
who
can
do
what
we
think
ranae's-
and
the
nice
thing
here
is
that
communities
provides
a
bunch
of
native
controls
to
define
er
admission
controllers,
for
example,
allows
us
to
hook
into
the
deployment
stab
into
corniness
when
we
are
scheduled
upon,
and
we
can
define
different
policies
to
say
this
thing
can
be
deploying
Cornelius
or
not.
We
can
write
our
own
admission
controllers.
B
B
How
we
define
some
juicers,
the
roles
that
they
have,
so
we
define
what
they
can
do,
what
they
can
access
what
they
can
modify,
which
different
resources
they
can
change
in
our
Q&A
discuss
another
option:
it's
using
network
policies,
never
promises
against
an
alert
of
relative
resource,
allow
us
to
define
firewall
or
never
access
rules
for
our
keyword
needed
service.
Another
very
interesting
resource
its
base.
It's
called
part
security
policies
for
security
policies,
allows
us
to
define.
B
What's
the
security
context,
the
security
configuration
of
every
time
it
can
be
a
preview,
a
privileged
part
if
it's
a
if
it's
a
read,
read
only
read
file
system
and
also
allows
to
define
and
to
enforce
some
runtime
security.
Our
profiles
using
second
or
SLE
nukes
or
a
partner
second
allows
to
define
like
a
sandbox,
a
state
where
we
can
allow
the
system
calls
a
container.
It's
allowed
to
execute
other
frameworks
like
SOE,
nukes
or
partner,
are
a
slightly
more
advanced
and
allow
you
to
define
work.
B
Pods
can
do
the
runtime
with
in
more
advanced
language,
so
we
can
say
these
process
can
access
these
files
or
can
open
these
connections.
Just
to
give
you
a
few
examples,
but
a
prevention,
it's
not
enough.
We
need
that
second
step
or
phase
within
runtime
security,
which
is
detection
detection,
helps
to
answer
what
happens
with
a
control.
Fails,
it's
basically
our
last
line
of
defense.
B
We
need
to
have
it
work
for
Katraj
sofie's.
We
need
to
have
it
to
tell
a
story.
Basically,
when
the
unexpected
happens,
when
either
we
fail
to
configure
properly
those
inference
mechanisms
or
the
attacker
could
find
gaps
or
holes
to
basically
bypass
those
mechanisms,
we
will
be
applying.
These
detection
is
very
few
times,
but
it's
very
critical
when
we
need
it.
Also.
This
is
very
useful
for
auditing
purposes.
B
Detection
can
be
also
be
used
to
validate
them.
The
informants
enforcement
mechanisms
that
you're
actually
working-
and
we
can
also
use
the
tection
the
body
day
to
make
sure
that
those
are
policies,
those
enforcement
mechanisms,
the
doesn't
break
my
applications.
So
it's
notice
exactly
in
a
straight
line.
It's
actually
like
an
allows
us
to
improve
our
enforcement.
B
There
are
many
use
cases
for
detection.
For
example,
even
if
we
have
images
coming
in
your
CSE
pipeline
and
parts,
Molnar
abilities
or
vulnerabilities
of
the
Elm
have
a
public
CVE
won't
be
catch
for
those
mechanisms.
So
detection.
It's
going
to
allow
us
to
see
to
monitor
your
containers
for
anomalous
behavior,
which
is
going
to
be
the
way
to
catch.
B
There
are
a
bunch
of
different
approaches
for
doing
runtime
detection,
their
visibility.
One
approach
is
using
le
pré,
no
LTP,
no
loss.
Austin
hook
into
all
the
live
sequels
and
see
what
h.wood
is
each
of
our
processes?
Do
it
the
consequences
of
using
LD
preload
is
that
these
mechanisms
actually
allow
us
to
change
your
application
behavior.
So
from
a
security
perspective,
that's
something
that
you
might
not
be
ready
to
trade
off.
P
trace
is
another
option.
B
B
So
that's
something
to
consider.
From
a
security
perspective
sight
cars
are
using
our
Copernicus
pods.
It's
another
approach.
You
can
have
important
it
bones
that
the
monitor
pod
namespaces
are
being
shared
between
those
two
pods
I.
Can
access
into
the
process,
network
storage,
so
from
one
path?
I
can
get
visibility
into
the
other.
There's
this
like
in
principle
an
approach
similar
to
would
it
could
be
Prometheus
exporters,
for
example.
B
The
limitations
are
here
are
basically
the
instrumentation
ever
have
the
complexity
and
that
the
visibility
that
you
get
it's
basically
limited
to
the
scope
of
a
part
of
your
monitoring.
A
fourth
approach
is
using
a
kernel
base
approach
and
never
eaten
either
a
kernel
module
or
the
EVP
FFF
to
get
visibility.
B
B
B
Now,
let's,
secondly,
let's
talk
more
about
how
Falco
leverages
Abi's
Falco,
it's
considered
a
coordinator
and
it's
basically
a
detection
and
gene
for
any
kind
of
anomalous
activity
that
might
be
happening
in
your
hose
from
your
containers.
Focal
leverages
set
of
rules
that
follow
our
syntax
very
similar
to
this
to
be
done
to
define
what
it
is,
consider
anomalous
and
what
it's
considered
safe
leverages.
Some
open-source
libraries
leaves
us
cup
and
leaves
knit
coming
from
the
open
source
project.
Did
you
get
the
its
visibility
and
it
has
covered
needs
native
support?
B
This
means
that
every
system
call
its
tagged
by
the
kubernetes
context,
namespace
deploy
man
teaming,
set
path,
etc.
So
we
know
from
which
application
or
micro
services
it
is
activity
coming
and
father
can
also
hook
into
the
queue
API
server
out
it.
So
we
we
can
get
information
about
what's
happening
at
the
orchestration
layer.
Well,
we'll
see
some
examples
inside
the
problems
that
Falco
solve
are
things
like
our
my
hosts
and
containers
doing
something
that
they
shouldn't.
B
So,
for
example,
there
is
any
unexpected
fun
process
like
a
postcard,
SQL
containers
found
in
something
different
or
a
process,
doing
something
like
install
in
any
package
or
changing
our
configuration
at
running
at
runtime
inside
the
container
or
looking
at
never
activity,
for
example
like
an
engine,
X
container,
the
starting,
a
new
listening
port
or
doing
an
uninspected,
never
connection.
We
can
also
look
at
the
orchestration
activity.
B
For
example,
we
can
answer
if
kubernetes
user
need
that
cube
city,
LX
act
or
cubes
ETL
approach
into
a
shell
into
a
privileged
container
under
started
in
some
changes.
But
these
are
the
kind
of
questions
that
you
are
going
to
be
able
to
answer
with
falcon
falco
architecture.
That
can
be
understood
following
this
diagram.
We
have
like
it.
The
kernel,
module
or
vpf
proof
from
where
we
get
every
system
call,
so
we
can
see.
What's
happening
system
will
be
leveraged
in
Navis.
B
Carbon
leaves
neat
libraries
to
organize
to
reconstruct
that
activity
and
send
it
to
the
filtering
mg.
All
that
information,
it's
combined
with
the
kubernetes
metadata
unlabeled
and
also
with
all
the
events
coming
from
the
queue
API
server,
pretty
much
all
the
that
PPE
ginza
Falco
rules
and
if
anything
matches,
we
can
define
that.
Yes,
there
were
some
unexpected
behavior
and
we
can
trigger
a
number
of
notifications
across
different
mechanisms,
syslog
or
finite
period
asunder
output.
B
We
can
actually
create
commands
if
we
can
to
your
web
hooks
or
if
we
want
to
extend
things
a
little
bit
further.
We
have
a
G
RPC
up
it
that
uses
TLS.
It's
fully
secure,
then,
and
then
we
have
a
bunch
of
different
projects
or
side
projects
to
Falco
that
you
can
use
to
either
send
notification
dedications
to
other
places
like
Peter
duty,
ops,
any
data--,
dog
elasticsearch
and
either
yes,
SNS
or
google
observe
using
Falco
sidekick.
We
can
also
control
Falco
using
the
client.
B
There,
the
Kirk
or
DVD,
f
crew,
good
copies.
All
the
system
calls
in
to
arrange
your
buffer
with
user
space.
This
is
basically
like
a
clock.
We
are
filling
the
new
system
calls
and
we
do
basically
drop
everything
at
the
end.
With
all
this
state
of
information,
we
have
these
libraries
of
basically
control
the
reads
and
writes
on
these
buffer
and
we
reconstruct
all
the
activity,
and
we
have
this
kind
of
like
a
state
engine
that
we
can
used
in
mines
against
our
filtering
rules
at
the
end
Falco.
B
It's
just
a
common
line
to
handle
these
libraries
and
a
load
to
do
your
handle,
and
if
you,
let
me,
go
even
a
little
bit
deeper
and
show
you
some
of
the
priorities
of
Falco
BPF
implementation.
There
is
something
that
makes
Falco
and
also
the
Cystic
lever
is
different.
Typically,
EVP
have
programs
to
use
this
map
data
structures
to
control
all
the
communication
between
the
vpf
program
running
the
kernel
and
the
user
space
on
Cystic
and
Falco.
B
There
is
an
additional
ring
buffer
that
we
show
before
that
provides
a
higher
output
channel
between
the
kernel
on
the
user
space.
So
the
EBP
F
map
structures
the
year
just
use
force
finally
and
control
and
the
ring
buffer
is
used
to
move
all
these
data
into
user
space
where
we
can
mix
it
with
them
container.
Underneath
this
context,
so
we
can
give
it
a
little
bit
more
of
sense.
B
You
might
be
wondering
how
these
rules
are
actually
work.
I
mentioned
before
this
is
something
very
similar
to
TCP
dump
filters
where
you
have
a
name
for
the
role
description
and
then
the
condition
this
is
basically
different.
So
here
we
are
looking
or
we
want
to
detect.
If
any
of
my
nerve
ideas
are
containers
run
any
process,
which
is
not
that
the
note
yes
binary,
so
we
are
going
to
ride
a
roll
like
this
you're
looking
for
Evan
type,
exactly
II,
so
this
is
a
system
called
near
looking.
B
We
want
to
look
for
someone
or
some
container
executing
the
process.
We
want
to
look
at
all
these
system
calls
within
this
scope.
Micronesians
deployment
called
my
node
up
and
we
want
to
detect
if
any
process.
It's
not
called
note.
If
anything
happens,
that
it's
different
to
this,
we
will
trigger
the
rule.
Sending
these
output-
and
here
we
can
add
some
placeholder,
so
we
can
get
additional
information
like
the
username
that
is
found
of
processes,
a
process,
the
process
name
and
common
line
arcs
and
from
which
container
this
come.
B
You
can
use
many
filters
to
create
these
roads
filter
for
processes
for
users
for
file
system
activity
network
for
also
to
define
from
which
critique
the
scope
is
coming,
including
false
replication
controllers,
services,
namespaces,
replicas
self-employment,
etc.
You
can
find
all
these
documented
on
Falco
documentation,
but
Falco
can
also
hook
into
the
qadi
events,
so,
for
example,
I'm
able
to
detect
if
someone
is
creating
or
modifying
a
config
map
that
have
some
private
credentials
inside
rather
than
using
a
secret.
So
the
way
our
would
be
doing.
That
is
our
writing.
A
role
like
this
here.
B
This
rule
is
a
slightly
more
advanced
because
we're
using
macros
to
simplify
the
condition
of
this
role.
This
role,
it's
going
to
look
for
a
config
maps
and
then
in
in
our
coordinate,
is
even
out
it
any
modification
on
those
config
maps
and
to
see
if
those
modifications
contain
any
private
conventions
so
config
map,
we
define
it
as
a
cover
neatest
resource,
which
is
a
config.
Now,
a
modified
macro
is
defined
as
any
create
update
or
patch
Bev
of
actions,
and
then
they
contains
private
credentials.
It's
a
macro.
B
B
These
are
examples
of
top
runtime
policy
violations
and
we
are
going
to
find
Falco
rules
created
out
of
the
box,
a
bi-level
as
part
of
the
default
configuration
to
detect
all
these
things,
but
when
people
are
deploying
Falco,
these
are
the
typical
examples.
The
typical
use
cases
they
use
it
for,
and
actually
we
have,
the
detection
rules
created
out
of
the
box
for
this.
So
people
check
for
best
practices
when
branding
containers.
B
So
we
detect
that
someone
is
not
updating
packages,
not
modifying
binary
directories
or
modifying
the
configuration
reading,
sensitive
files
or
containers
spawning
unexpected
processes
or
changing
the
executed.
Namespace
run
privileged
container
sensitive
mounds
or
running
shells.
This
also
useful
for
compliance.
We
can
do
file
integrity
monitoring.
We
can
monitor
the
launch
of
privileged
containers
or
making
changes
on
cornutus
configuration
like
config
maps,
are
all
changes
and
rules
of
the
match,
basically
PCI
or
needs
regulatory
frameworks.
Falco
can
also
be
used
to
detect
a
specific
CBS.
Some
of
them
are
seen
in
communities.
B
B
You
can
find
many
of
these
rules
on
their
security
half
these
are
gree
gates,
detection
rules
or
Falco
and
soon
other
projects.
So
we
help
you
to
implement,
create
the
security
best
practices,
all
these
for
alerts
that
you
get
from
Falco.
The
way
that
you
usually
consume
them
are
basically
forwarding
them
into
a
CM
system.
You
can
connect
Falco
to
differenciate
systems.
If
you
didn't
have
anything
he
can
use.
B
For
example,
qivana
you
can
forward
your
fault,
even
Sulis,
assert
and
then
use
qivana
to
create
dashboards
about
what's
happening
in
your
computers,
as
I
was
explaining
runtime
security
before,
and
they
mentioned
that
a
third
step
was
actually
blocking.
We
prevent
users
from
doing
things
or
services
from
doing
things
of
the
children.
Then
we
detect
activity
if
we
detect
any
unexpected
activity,
we
can
respond
to
that
blocking
that
unexpected
behavior-
and
this
is
one
it's
a
response
engine
about.
We
can
trigger
automatic
reactions
to
30
events
to
block
these
attacks
are
inspected
behavior.
B
This
is
basically
executing
playbooks
and
we
use
a
we
do
that
using
functions
as
a
service.
We
have
implemented
response
and
gene
for
different
technologies,
using
open
source
framework
functions
as
a
service
frame
words
or
using
Google,
Cloud
or
AWS,
and
examples
of
different
actions
that
you
can
execute
it's,
for
example,
Tintin
and
L
with
Noah
schedule.
So
no
other
parts
are
scheduled
on
that.
B
No
in
case
there
was
a
continued
break
up,
isolate
the
parties
in
the
network
policy
deleting
of
an
import,
the
scaling
down
the
deployment
serial
trigger
artistic
capture
of
forensics,
or
send
a
notification
to
different
channels
like
a
lot
different
organizations,
the
gyro
and
using
Falcon
production
from
Booz
Allen
to
frame
that
il,
for
example,
Shopify
similar
da
Korsak
itself.
So
you
can
read
a
more
comprehensive
lease
into
the
adopters
file
in
the
Falcon
security.
B
Our
repository
and
I
encourage
you,
if
you're
using
the
Falcon
yourself
to
do
a
PR
and
tell
us
your
story
about
how
you're
using
production
there.
If
you
want
to
get
more
involved
into
the
Falco
community.
Of
course,
the
first
place
to
start
is
the
Falcon
art
website.
You
can
find
interest
in
blog
posts
and
more
content
on
Falco
on
the
Falco,
the
court
law,
but
also
on
the
Cystic.
Back
from
you
see
a
right
to
love
a
lot
Falco,
of
course
on
the
github
organization,
and
we
also
have
no
slack
community
Docs.
B
And
then
the
security
have
I
mentioned
before,
where
you'll
be,
where
you'll
be
able
to
discover
Falco
roads,
but
also
contribute
rules.
So
you
might
be
writing
yourself.
Now.
I
would
like
to
talk
a
little
bit
more
about
how
the
sake
extends
the
Falco
functionality.
In
some
of
the
prep,
we
saw
how
it's
a
runtime
detection,
but
this
is
in
a
small
part
of
your
entire
security
approach.
B
When
we
are
talking
about
implementing
security
in
your
containers
or
your
club
meter
sock
I
like
to
spread
this
in
again
in
three
phases:
the
bill,
the
run
and
respawn
phases
as
you
build
and
deploy
your
containers,
you
might
be
doing
image
scanning
and
configuration
validation
as
a
container.
The
years
are
run
in
production.
You
do
detection
of
unexpected
behavior,
but
also
you
need
to
create
that
policy,
maintain
it
maybe
find
mechanisms
to
build
those
policies
or
roles
automatically
or
to
respond
to
blog
those
threats.
B
Then
in
case
something
unexpected
happens,
you
need
to
be
prepared
to
respond
you're,
saying
into
the
response
mechanisms,
forensics
analysis
and
now
with
all
their
activity.
Of
course,
compliance
is
not
one
a
step
process
in
these
life
cycle.
It
needs
me
implemented
across
the
entire
lifecycle
and
since
execute
can
happy
with
something
to
highlight
about
the
Cystic
buffer.
B
Troubleshooting
all
these
different
use
cases,
we
see
that
it's
actually
the
devops
teams,
the
ones
that
they
take
care
of
security.
Now
in
Knudson
20,
we
see
that
security.
It's
now
part
of
the
DevOps
process.
We
call
this
Mexico
ups
or
secure
DevOps,
and
this
is
where
syczyk
platform
helps
you
and
now
let
me
show
you
just
three
or
four
examples
on
how
you
can
extend
falco,
to
make
it
easier
to
use
and
to
use
it
in
production,
environment
and
more
eaten
one
other
functionality
that
we
have
here.
B
It's
the
Falco
editor,
but
you
will
find
insects
secure.
The
Falco
editor
allows
you
to
evade
Falco
rules
directly
from
this
UI
and
to
build
your
policies
directly
from
this.
You
are
or
from
ApS
where
you
can
define
they
name
the
description
of
the
role,
but
also
you
can
define
the
scope
diarrhetic
here
and
you
can
have
multiple
roles.
Also
from
here.
You
can
also
are
configure
the
different
blocking
or
response
actions
like
stopping
the
container
pausing,
the
container
or
taking
a
capture
file.
B
You
can
also
find
in
secure
the
follicle
library,
allows
you
pulling
different
rules
or
policies
to
create
your
runtime
policy
based
built
on
best
practices
and
different
framework
compliance
frameworks
or
attack
frameworks
like
the
nature
attack
framework.
So
you
can
build
your
runtime
policy
from
a
number
of
examples
and
default
other
than
walks
worlds
of
defense.
Another
good
example
on
extending
Falco.
It's
the
tuning
functionality.
B
We
have
seen
that
if
you
miss
configure
your
runtime
policy,
it
might
be
triggering
a
lot
of
false
positives
or
if
you
deploy
a
new
application,
a
new
version
of
your
applications,
things
might
have
changed,
so
you
need
to
fine-tune
your
rules
for
captioning
functionality.
Looks
at
all
the
events
we
in
firing.
Your
system
and
lurks
at
worked
need
to
be
saying
or
fine
tea
in
so
you
reduce
the
number
of
rules
that
the
European
trigger
all
the
time.
Another
example
it's
profiling.
B
We
see
that
some
users
they
didn't
want
to
spend
time
creating
manually
other
runtime
rules
and
policies,
so
profiling
basically
use
detection.
She
used
up
this
ability
to
learn
how
containers
they
behave.
Looking
at
the
network
connections
processes
file
system
activity,
your
system
calls
and
then
generating
those
runtime
rules
that
the
runtime
policy
automatically
for
you
another
example,
is
the
policy
advisor
policy
advisor,
looks
at
their
running
containers
and
allows
to
generate
the
most
respective
parts
security
policy.
For
that
very
container,
then
validated
against
the
running
behave.
B
So
we
make
sure
that
your
part
security
policy
doesn't
break
your
running.
Applications
possibility
policies
care,
as
we
mentioned
before,
can
be
used
as
an
enforcement
mechanisms
in
your
current
need
is
faster,
so
we
define
what
the
pots
can
and
cannot
do
and
we
block
anomalous
behavior
before
actually
happens.
Last
but
not
least,
we
mention
how
these
detection
this
runtime
data,
it's
very
important
to
tell
a
story
of
what
happened.
B
B
If
you
like,
all
this,
you
can
find
sis
take
and
some
members
of
the
Falco
community
in
some
upcoming
events,
so
we're
running
a
number
of
a
star
war.
Premiers.
If
you
want
to
come
with
us
to
the
cinema,
enjoy
servers,
you
can
do
that.
You
get
your
invite
through
that
link
next
year,
you'll
find
us
in
RSA
cube
corn
and
bread
hock
summit,
just
to
mention
a
few
events
and
well.
If
you
want
to
learn
more
about
this,
don't
forget
to
check
out
the
Falcon
at
our
website.
B
I
also
wanted
to
include
here
a
link
to
the
container
uses
to
report
and
a
webinar
I
caught
before.
Don't
forget
to
subscribe
to
this
as
I
come
block
and
if
well
last
week
when
it
is
117
was
released
and
we
always
like
to
write
a
blog
post
on
what's
near
that
when
become
very
popular.
So
I
can
I'd
like
to
use
this
opportunity
to
share
that
link
again
video
thanks
very
much
for
listening
today
and
they
helped
you
enjoy.