From YouTube: Defend: Container Security Weekly Group Discussion
Description
Weekly meeting for the Defend:Container Security group
B
All right, well, we'll dive right in. Today we have one issue for planning breakdown, which is moving container network security to Core.
B
So let me go ahead and share my screen here, and the plan to move this to Core. It came from Sid, he. You know, this, that's really where the direction came from. After some discussion amongst ourselves, I think we've landed on the idea that, you know.
B
Sure. The, so after some discussion, we've landed on the decision that the base functionality of the open source technology will move to Core, along with, you know, just the basic elements that are needed to use it. And, you know, later on any additional value adds that we bring on top of that open source technology will remain in a paid tier. Sorry, we'll start in Ultimate.
C
The, who's taking notes today? We, we, we've forgotten that in the past, so it'd be great if somebody could volunteer to take the notes for the meeting, just so that Thiago and Arthur can, can keep up to speed too. I'll.
A
B
No problem. Anyway, so with this one we're just trying to, you know, I want to make sure that we're in alignment around which areas go down to Core. I think for now it'll pretty much be everything that we've built up to this point, so the basic usage of Cilium, as well as viewing statistics and exporting logs to SIEM. Zamir, I know you worked on those for WAF. I just want to make sure those are all available down to Core for WAF today, correct? At least I think that's how we expect them.
D
D
B
Right, no, we got that done. I'm just wondering what pricing tier it's available in. Oh, I see, like Core versus Ultimate.
B
Okay, anyway, so the current plan is pretty much to make everything that we've done with Cilium up to this point all the way down to the Core pricing tier. So it's available, you know, at the Core tier. I believe the Security and Compliance menu does not show up today in Core.
B
B
D
For me, it's just that, as you said, like, as long as we can see the threat configuration, we can show the statistics and also threat monitoring, and also we need to be able to see the cluster page to install the scene. I need to double check that, if it's available for Core. I think it is. I just need to double check that.
C
The other thing that we should just consider: we don't, we haven't done much of moving things from something else to Core. Not that it's, you know, rocket science, but I want to be really intentional about. So I think we may want to also just have that in the test plan, just making sure that we fully test all the functionality in Core only that we expect to see working, just to make sure that some dependencies or other changes that those changes need are not, are in Core as needed.
C
E
Oh, just that threat monitoring, currently it's only available in paid tier, so that's something that we'll have to move. Everything else, I believe it's available for, for Core already.
F
E
I believe the whole feature, that's what I think, that's what we have in the documentation. That's what I, I, I, when I looked at the code, it's also namespaced under, under paid, not open source code, so, so that makes me believe that, that it's not available for the Core yet.
B
Okay, it, so yeah. If you see that in the code, then I guess that confirms the quest, that answers the question. So we'll just take this one off, we'll keep that in Ultimate. I think it's going to be a really weird experience if they come in here and the only thing in this whole menu is threat monitoring.
B
So, you know, even just from a design standpoint, we'll just take that off and stick with exporting logs to them and basic, basic usage of.
B
Okay, any other questions or comments on that agenda item?
B
Just a note, we do have a few other items scheduled for 13.2, including creating, editing and deleting for policy management, and an out-of-the-box network policy set. Andy's working on designs for this one. We're planning to review both of these next week in our next planning breakdown, so we won't cover those today. And I had a few just other general discussion items that are not planning breakdown specific, but just good things to be aware of.
A
B
Yep, do that right now before I forget. Okay, so I think it's just this one. Well, I'll take a look at the ones further out later, but at least we have everything in 13.2.
B
All right, so then a few other informational items. One is our category direction page. So, you know, I feel like we've really reached a point where I finished planning, you know, a lot of problem validation. We got through a problem validation cycle. We've also got through a lot of engineering research, so I went ahead and mapped out everything that we need to get to viable for container behavior analytics and, you know, built that out here.
B
I have an MR that's in progress to add links where I've created epics and design issues for each of these. So, you know, that way we've got it fully built out and you can comment on things. I've tried to just roughly map this to a notional time frame, you know, understanding that none of this has gone through dev sizing or, you know, we don't have estimates on all of these.
B
So I'm sure all of this is going to be different from what it is today, you know, but whether it's shorter or longer, I just tried to rough things to, you know, an approximate notional time frame, so we could plan out for the next 12 months.
B
B
B
Anyway, I just wanted to point your attention to this page, since I did update it. I'm going to be working this week to do the same for container network security, and there are some areas that we have a lot of cross overlap between all of the categories in this group. You know, a good example of that would be the policy management UI that Arthur's been working on at the moment.
B
I'm planning on having most of those issues go into the container network security category, just because the way epics work, you can't have one issue belong to multiple epics, so I have to pick, you know, one bucket to put it in, and I think container network security is a little bit further along than everything else. So, you know, things like improving the policy management experience are going to end up falling under that container network security category, but really a lot of those, that work is going to be beneficial for all of the categories here.
B
Everything, including WAF even. So, you know, that's just another area to keep in mind.
B
Absolutely. Lastly, I just wanted to review and give an update to our high-level 12-month roadmap. I've made some changes since I presented it at our strategy meeting at the beginning of May, so I just wanted to go over with you the new plans here and get any feedback that you may have. So let me take just a minute to present this and walk through it, and, and then I'd love to hear any comments that you have. So right now we're in the middle of Q2.
B
You know, we're already one iteration in with two more to go. We've started some basic policy management. That's what Arthur's been working on, as well as getting Cilium into that new policy management UI. You know, Zamir and Allen have been working on the initial release of container host protection, getting that to minimal, and, you know, as you saw, for the next iteration we've got out-of-the-box policy packs planned for container network security. So that's really what I have planned for Q2.
C
Policy management, one thing that I haven't commented on the issues, the policy packs. Just, I know one of the outcomes of the policies is tell a human something, and I believe I saw functionality like that recently released or recently updated in other parts of GitLab. So, just, just to remind me to, worth noting is that, rather than having our own notify-a-human-of-something functionality, we may want to use those where possible, at least use.
C
Those other features that exist in GitLab, which may actually accelerate, may make it less work for us if it's the, if the functionality is consistent. So just, just worth noting.
B
B
So in Q3 I'm planning to put policy management on hold with, you know, the assumption that, you know, really there's kind of a declining rate of return as you work on these features. You know, getting something out for policy management has a really high value; continuing to iterate on that has diminishing returns. So I'm trying to, you know, maximize the value that we're getting to customers by giving them something in policy management and then moving on to get them something in terms of alerting capabilities.
B
You know, alerts are a little bit different from everything else that we've implemented up to this point. You know, whereas logs tend to be very spammy, you send almost anything and everything out to a log, and then you have a SIEM that aggregates that and does analytics against it and parses it and correlates it. Alerts are a little bit different. Alerts are things that are actually bad. You know, that, you know, Wayne Whitton just said, you know, tell a human about it.
B
You know, these are things that you may actually want a human to go in and review because they're concerning enough, but perhaps you don't want to actually block on them because that could potentially disrupt a workflow. So these would be things like, you know, since I've got Zamir and Allen on the call and you're working on container host protection, you know, say a process starts inside of a container that, you know, is not on our allow list.
B
Maybe I don't want to actually shut down that container or block that process from starting, because, who knows, maybe it's legitimate for some reason. But that's a little bit more than just a suspicious packet. That's, like, actually really concerning behavior, and I need to go and manually review that and decide if I want to either ignore that, it was a false positive, or if I want to take some sort of action to respond to that, like start blocking that process in the future.
B
So that's really what alerting entails. It, you know, from a UI standpoint, I envisioned that being somewhat similar to the UI that was built for vulnerability management, where, you know, you've got a list of things and then you can take certain actions on them, but they're not vulnerabilities. These are actually alerts or events that occurred or were triggered. So we're planning to start with that on the project level.
B
CI/CD and Auto DevOps independence. So this is the implementation of the architecture and, you know, design issue that's going on right now that Philippe's been running to help figure out, you know, how can we enable a security team to run our tools even if the development team doesn't use our product or doesn't use CI/CD or Auto DevOps?
C
Is that going to be paired with a potential different way of doing licensing or pricing, or is that, that, that may come out? That may be an offshoot task of this or may not.
B
Yeah, so that, I view this as separate from the, the pricing and packaging discussion.
B
Initiatives. Interestingly enough, I actually met with a customer this week who, you know, fell into this category, where they had teams in their organization that were using tools besides GitLab, yet they were very interested in using GitLab security features.
B
So some teams used GitLab, some teams didn't. They wanted to use our security features across everything. And anyway, so continuing to get solid validation from customers, but that's an important direction for us to head. And then, lastly, you know, just rounding out container host protection with, you know, the, the same basic functionality that we've started off with all of our other categories: being able to see statistics, export logs and turn it on and off.
B
Going into Q4, we talked about the alerts at the group and instance levels already. This next item would be extending Cilium to add some more in-depth performance monitoring. So this is kind of the next evolution of what we call statistics today, where you would be able to see things like CPU usage and memory usage, you know, network bandwidth and latency that's introduced.
B
You know, an ability to dive in just one click deeper in the event that there are problems to troubleshoot. And, you know, once we have alerting capabilities and performance monitoring, we're probably going to be in a good position to start moving container network security to viable. I think, actually, there may be one other one in here that I'm missing, which is being able to see logs inside of GitLab itself.
B
So I'll need to add that in, but I'm hoping to move container network security viable by the end of the fourth quarter, so by the end of January. And then lastly, for container host protection would be adding, you know, leveraging the policy management capability that's being worked on now, but bringing container host protection into that model where we're able to add, create, edit, delete policies for container host protection there as well, and also adding in vulnerability and malware scanning capabilities. And then moving on to Q1.
B
But, you know, we don't necessarily have to go with that technology if there's another that meets the requirements. And then coming back to revisit policy management and really do the next iteration to flesh that out a little bit deeper, and getting performance monitoring for container host protection. So I know that was a lot. I just did a lot of talking there. Any thoughts or feedback on that 12-month roadmap?
D
A question about the policy management part two. So for policy management part two, are we, are we looking towards unifying how to add policy for, like, let's say, Cilium, CHP and all the other features that we have up to that point?
B
Yep, absolutely. That would be, you know, heading in the direction of those, you know, early workflow designs that I shared, I think it was a week or two ago, as well as we have an issue out here to research our policy architecture. There are a lot of use cases in here that we don't address today, you know, things like being able to see the history of changes to policies, having a multi-step approval process.
B
C
The, let's see here, oh yeah, so it'd be great to have, you know, a short, maybe less than two minute demo recorded and put on Unfiltered on the SIEM, sending, sorry, being able to send log events to a SIEM from, from CNS and from WAF. Just, those tend to be pretty informative, etc. So it doesn't need to be, you know, very polished, but you're great.