A
Let me show you on my face. Yes, so first, who I am: I'm Thomas, I'm a French engineer. I'm currently working at Sysdig as an open source and ecosystem advocate. Before that I was SRE for more than eight years, especially for pure players, media, press, online businesses, and my last job was SRE for an online bank in France. I'm a contributor to Falco. I'm not a developer of Falco, because I don't know C++, but I write blog posts, I do talks.
A
So a little reminder: what is Falco? Falco currently is a CNCF incubation-level project. Basically, it's a cloud native, real-time security project. It means it's de facto right now the Kubernetes threat detection engine you can install in your clusters to detect threats and bad behaviors that may happen. If you want to know more about Falco, what it is, how it works, what we can do with it, you can watch this CNCF online program made by Loris Degioanni, CTO and founder of Sysdig, which created Falco at the beginning.
A
So now it's still an incubation-level project, but with plugins, which I will present to you in this presentation, we can think of Falco as more than the Kubernetes-oriented threat detection technology. It's now a global threat detection engine, because you can, with any source of events, trigger it. It means you can detect bad behaviors, threat patterns in your cloud infrastructure, in your local host, or in any stream of events that you can have. And for some statistics.
A
Falco currently has reached almost 5,000 stars on GitHub, it's an increase of 30 in a year, and we have more than 35 billions of pulls from Docker, so the growth is quite impressive this year. Thank you. So, a little reminder about the architecture of Falco.
A
Above the drivers we have libscap and libsinsp. libscap is dedicated to the collection of syscalls from the drivers; libsinsp will parse them and extract things. And, above that, for the matching of rules, we have a rule engine, and the outputs will be able to send the alerts, the events, to a program, standard out, an HTTP endpoint, and this is how it works with Falcosidekick, for example. We also have gRPC. So libscap, aka library for system capture.
A
It runs in user space, it's a user space library. The drivers are in kernel space, but these libraries are in user space. They communicate with the drivers. Then they read the syscalls from the ring buffer. This is where the drivers put the elements, and then, after, they forward them to libsinsp. So libsinsp, aka library for system inspection.
A
It's also a user space library. It receives events from libscap and it enriches all these events with machine state. This is where we can add some details like metadata from Kubernetes, from Docker, the Docker daemon, containers and stuff, and it's also able to perform some filtering.
A
These are all events at the kernel level, so we have the drivers, libscap, libsinsp and the engine. A few months or years after, we added the ability to receive Kubernetes audit logs from the control plane. The idea is to run a web server inside Falco, and this web server is an endpoint for the control plane to send the audit logs. So Falco was able to collect syscalls and audit logs events. So we have two sources of events right now.
A
Bad pattern to expose, a less secure pattern than just a closed daemon, to work with the control plane. We have to just reduce it. We have to manage the TLS certificates between the control plane and Falco, which can be a little bit complicated, and the big, big challenge with this implementation is it can't work with managed Kubernetes clusters: GKE, AKS, EKS.
A
Why? Because, when you are running a managed cluster, you don't have access to audit logs directly there. They are gathered and stored in the log system of your cloud provider, so we have to find out a way to get them back and insert them into Falco. Some people in the community, thanks to them, are creating kinds of daemons to collect the logs from the log system and re-inject them into Falco. But it's not really convenient.
A
So this is why, in the last release of Falco, from January 2022, we released the API for plugins. It means we can add any kind of plugins we need to Falco. Falco is now extensible with any kind of input, so we have a standard API with clear definition, and we can easily expose resources from cloud providers: GCP, Azure, network or s. We'll describe everything.
A
So basically, plugins are dynamic shared libraries which allow Falco to collect and extract fields from streams of events. So we can basically have events like CloudTrail from Amazon, CloudWatch Logs on Amazon, Azure Logs Analytics, Cloud Logging for GCP, directly events from Kubernetes clusters.
A
We can also think about events at the level of the Docker daemon, and if we want something which is out of the world of infrastructure, of running web applications, we can think about one of the biggest streams of events in the world: Twitter. So we can. I will show you the demo, but demo play a Twitter plugin.
A
The API framework at the Falco level is quite simple. We don't have a lot of functions or methods. We call them C symbols. You have to know all of them are not mandatory to create a plugin, you can use a subset of them, but they are there, and the documentation, the developer guide, is full and you have every detail about it, all methods, et cetera.
A
It can be generic or tied to a specific data source. It depends what you want. For example, JSON is quite generic, but we can. We are creating extractor plugins for audit logs, Kubernetes audit logs, because, whatever the source is, GCP level, the format of the JSON is always the same.
A
So in this example, we just have one plugin, so we have the name, important. This is the exact name you will see in the plugin configuration. I will show you after. Library path is where the plugin is stored on your system. It can be relative or absolute, like you want, and you have the init config. This is where you will set all parameters to run your plugin, so either in YAML or in JSON. It works.
A
You can't, you disable automatically the syscall collection, so you can run a Falco instance for both the syscall collection and plugin. It will change in future, of course, but right now this is the situation. So, technical caveats for developers. You have to know the flows are simplified compared to the syscalls. For end users, it's not really useful, just for people who want to write plugins or develop Falco. You have to know that these memory locations must be owned and managed by plugins.
A
You can load only one plugin, one source plugin, by instance of Falco. It disables the syscall collection, and you have to take care to not overlap IDs when you create a plugin. Why? This is because the source plugins may be used by Falco and Sysdig open source, and you can create captures. You can record captures with Sysdig, and the plugins which have created the events inside the capture are identified by their ID.
A
Let me explain. Right now, for most of the plugins, you just have to run one Falco with the plugin and that's all. If we take the example of CloudWatch Logs: if you run several instances of Falco, with on each instance your CloudWatch Logs plugin enabled, you will collect the same event several times and you will have duplications of alerts. And, on the contrary, if we want to run Falco with second agent plugins, this plugin must run at the host level. So we have.
A
We need one Falco per node in your cluster, so in one case we just need one Falco, in another we need a Falco on each node, like a DaemonSet, for example, so we have to deal with that. So, to enhance the user experience for people who want to write plugins, we created an SDK in Golang. Why? Because Go is quite easy to write, a popular language in cloud native and open source communities, and also growing developers.
A
We can't manage directly the memory, but we have a garbage collector. So, to allow a good interface between C, which has its manner to manage memory, and Go, which has another manner to manage its memory, it's quite nice to have a kind of framework and SDK to not make people aware of that and make them only focus on their logic, not on the low-level questions.
A
So we created an SDK in Go. It's quite easy to use. Let me show you. So first we have the falco.yaml file to enable the plugin. Just a second.
A
It will be loaded in Falco. Falco will use it to know what it has to do and use the plugin in the format of that install we created. So in this example, it's a dummy example I built. We need to import the SDK. We need to create some structures, et cetera, et cetera, to build it with the same version of.
A
Let me show you there. We have to create two structures, one for the plugin itself with its configuration, another, and we have to import plugins.plugin. It will automatically add all mandatory fields into your structure. Then for the instance: what we call an instance is an opportunity, for example, when you create a client to the Twitter stream API. This is an instance. You have the plugin, which is created by Falco with the details you put in your falco.yaml, and at the moment it opens a stream, this is an instance.
A
Which is responsible to map the configuration between your falco.yaml and your structure. This is where you can set some default values. And then we have the Info method, really important, because this is where you put the ID of your plugin, the name, and remember, the name is what you have to set in your falco.yaml file, and you also have the event source.
A
This one is also really important because, for example, if we want to create rules for Kubernetes audit logs, we may have GCP, Azure, Amazon or directly the control plane as sources for these events, so we may have three, four or five, whatever, different plugins, each with its own name, but they will have at the end the same format for the event. So we will use the same event.
A
We also have a registry. It contains metadata and information about every known plugin. This is, when you have written a plugin, you can propose it with a different ID, and also, of course, in this registry, this is where you can check which IDs are available to avoid conflicts, and it's also, right now, where we store the plugins managed right now by Falco maintainers. For example, we have CloudTrail, JSON and dummy. Dummy is just an example.
A
It's simple source in Go to offer you a way to dig and understand how it works. In future, we'll also create shared libraries, for example, for authentication to cloud providers, to get logs from CloudWatch Logs, for example, because we always use the same manner. So what we want is, when you want to create a plugin for a new service for GCP, Azure and AWS, you will just have to import those shared libraries or shared modules, and the authentication and the creation of clients will be already there.
A
So in the registry README, you will find out this list, for example. So you have the ID, the name, the name used in your falco.yaml to enable the plugin, the name of the event source. This is why, for example, we have k8s_audit. In future, we will have the same with _eks, _aks, _gke, etc., and the event source will be always the same, and you will find out the names of authors, etc., for example.
A
We can collect them from S3, from an SQS, or directly from a local file system in JSON format. Of course, this plugin is also an extractor, so we have new fields: ct.name, ct.user, ct.info. All details are in the README. You can find it with the link here, and we have a new event source for your rules, called aws_cloudtrail.
A
So it's really powerful because you can now detect events really happening, which may happen in your cluster, but also at the infrastructure level, with this kind of plugin.
A
So for the JSON plugin, like I just told you, we have some new fields which work with any events in JSON format. What is useful with plugins is you don't need any configuration. It works out of the box. You just have to enable it. The JSON plugin and the CloudTrail plugin are managed and created by Falco maintainers. They are already embedded in the Falco image.
A
Let's create a container first, and we see the basic workflow of the creation: create, attach, start. We have the image and the name of the container. It's exactly what I used to run my command first, and if I exec something inside, we also detect the exec of a command inside my container. Sorry. So we have the whole command, the image and the name of the container. So basically this plugin is just to website, it's just to demonstrate how it works.
A
It's quite easy, so you can read the sources and understand much more how it works for Falco.
A
POC, proof of concept, so I just created two rules. The first one is for successful actions and another one is for actions in error. You can see the source is different because it's running as a POC. So this is why the name is different, and we can extract, like we had with the current implementation of audit logs internal to Falco, we have the same fields.
A
I could write a rule with the user, user.name contains the math, et cetera. Just to show you this one: let me get the list of pods in the default namespace. Just wait a few seconds. Here we go. We have my username, the target, the verb list and the URI which has been called, and the response 200. So it worked.
A
Describe pods, for example, this one. We wait three seconds and we have get, which pods, which target it is, so we can see the user format. That library says get this pod, and I received a 200 answer, HTTP error code. It means I was able to retrieve the data for this pod. Right now, I have some issues with the creation and deletions of pods.
A
The syntax used for the plugin is quite the same as the Twitter stream API. So it doesn't work really well with rules, because we have rules over rules, but this is just for a demo, once again, just to show you we have a new source and we can get information in real time, like all the tweets which refer to cats and dogs with an image.
A
We can also monitor in real time major tweets like hurricane alerts, or, I don't know, if you need to make photographs, to make pictures of thunder, or I don't know, you can in real time have some Slack or WhatsApp or push, I don't know, alerts thanks to Falco about tweets which mention lightning or else in your country or in your region, and be able to run out with precautions, to run out to take a picture, for example. You can imagine things like that.
A
Based on this shared module, for example, for the Kubernetes audit logs, we can have one module for authentication to Amazon, same for Google platform, another one for Azure, the module for connections to the log services, and an extractor for the fields of the Kubernetes audit logs events. So we have three different plugins, three different source plugins, but they will share the same event source in Falco rules.
A
The idea is to get the stream of events from a camera, via camera, run image recognition with OpenCV over these images, and create events sent to Falco with a plugin, and be able to alert when you see a cat in the video streaming. It means you can be alerted when your cat is destroying your living room when you are outside.
A
I like this idea. And, if you want, I think a great idea too: someone on the Falco community Slack channel mentioned, I don't remember his name, sorry, but mentioned he would like to create a plugin to connect his car, I think a Tesla, his car with Falco through a plugin to be alerted of some events. For example, someone opened a door or, I don't know, an issue with the car engine.
A
Don't hesitate to dig in the repository to have more READMEs and more info. We also have two useful blog posts. The first one is the plugin announcement: the reason behind, what we want to do, what will be the future for plugins. And if you feel confident to write your first plugins, I also wrote a blog post. This is a getting started blog post about how to start with the Golang SDK to write your first project in detail.
A
Last words: if you want more details about Falco itself, of course you have falco.org, the main website. You can check out the project on GitHub, and all of you will be always welcome to discuss with the maintainers and the other members of the community in our main Slack channel, falco, on kubernetes.slack.com.
A
You can follow Falco on Twitter, and, if you want to discuss some interesting topics, we have a community call each Wednesday at 4pm UTC. Just come and discuss. We are more and more each week. It was a lot. Thank you everybody. I hope it has been clear for everybody, and welcome into the community. Yes.