From YouTube: Engineering Proposal for Host-based Container Protection
A: All right, well, just to start things off, I wanted to say, you know, thank you, Zamir and Alan, for the work you've done on this. The Federation, I really appreciate it. I think we thought, you know, some really good ideas coming together, and I'm really excited to see what you've done. I just wanted to have a synchronous discussion here, because I felt like, you know, the points I had for, there's been a lot to go back and forth on in the issues, so just to start off, I'm happy to vocalize the points that I've got in here.
A: I wanted to make sure, you know, as part of this proposal, there's a very long list of technologies in the list. I didn't count them up, but maybe ten or more, right. Even if we end up not using every single item in the list, it still is shaping up to be a lot of different things that we're putting together, and I want to make sure that we can present this to the end user as a single, you know, GitLab solution, like this.
A: Is your GitLab container protection solution, container host protection solution, and that we can abstract that a little bit away, where they don't have to think and worry about "I'm using AppArmor here and Falco here", and, you know, what all the different pieces are doing, or even what the components are under the hood. We're certain, like, they want to know; we can make that information available, but they shouldn't have to have that knowledge to get started using the feature.
A: So there are three areas that I called out in my list that we would want to make sure that we abstract away: so installation and management, policy management, and logs and alerts. And I ended up deciding to move the policy management discussion to the end, just because I want to show you some of my long-term thinking there, and I'm worried that that can just take over the entire discussion and the time that we have today, but I.
B: I think, I think that the policy kind of centralized, I think it's a good idea for the user, and we could start, like, with very few options, and it's going to be like a customization. That's what's to be transparent for the user, to each, each configuration, it's going to, each solution shouldn't be a big deal.
A: Okay, I know there were some comments around the logs and alerts, so just to follow up on that one, I agree: there's a few different points there that we would want to consider. You know, one is where you can configure the logs to go out to syslog. Alerts also, I guess we didn't talk about that much in the discussion ahead of this meeting, but alerts would be a little bit different from logging. So, you know, logging, you may have everything go out to logging.
A: You may only want to actually be alerted when something bad happens, and so, you know, we haven't really dealt with alerting yet in ModSecurity or Cilium. You know, we haven't built any alerting capabilities yet, but that is another thing that I've got on my roadmap, but we'll want to consider down the road, so, you know, unifying the way that those come in again, so that it looks and feels like it came from GitLab's container host protection solutions rather than, you know.
C: The, I hadn't thought about alerting, that kind of, but, but not recently at least, but, you know, that's a really good point that we need to consider. That, by not specific to container behavior analytics, or they'll track it, of course, as part of that, but in general the part. So there's also, if we can avoid it, there shouldn't be, you know, one place, don't, to add anything that is needed to enable logging and alerting, so not Fluentd here and Fluentd here and Fluentd here.
C: But, you know, if it's one player, maybe just, you know, there's a click "add Fluentd", or maybe when you configure logging, it adds Fluentd, you know, to wherever it's needed, or something along those lines. So not just the configuration, but the installation should also be in one place and perhaps be done one time. The only, the only place I potentially disagree is on the log format.
C: Each tool will have its own format, and there should be some things that are in common between them, like the timestamp; like which container, if it's container specific, because it might be Kubernetes, you know, infrastructure specific, which container it is; if there's a user involved, which the events may or may not be for a user, the user should be clearly indicated; if there's a process involved, the process, or though, or there's a file involved. You know, we should try to standardize some, but each tool's gonna have its own logging format. So what I would recommend?
C: Is we initially get all the logs going to one place, with one place to configure it, and then we later work on log standardization iteratively over time to make it as close as possible between the different solutions, whether it's behavior analytics or Cilium or WAF or whatever. We kind of iteratively improve that, trying to do that in v1. I'm not saying you're trying to do this in the first release, but that there's a lot more work than just getting the logs to one place. Now.
A: I understand that, and, and, you know, priority-wise, I don't know that we would get to that any time this year. I just want to make sure that we're not picking a technology that, you know, we can't do that for some reason. You know, I just want to keep our options open down the road, you know, even before we start messing with the keys in the list of things.
A: You know, we want to make sure they're all, like, outputting in JSON format, for example, which maybe all of them already are, but if they're not, you know, do we have the flexibility to convert it into JSON format, for example. You know, not suggesting we take on this work through the MVP by any stretch of the imagination, or even in the next 12 months. I just, you know, we're picking technologies here. This is a big decision. You know, I want to make sure we're picking something that's going to work for us all.
D: Lot of sense to me. What does everybody else think? Yeah, I understand why we need to have that. I, I believe all the tools that we proposed and that we are currently using are supporting JSON output format. So we can then adapt it through to, to be, let's say, more GitLab-way or something like that. That will have to work for Louis, Splunk and other SIEM providers and the tools, just to make sure that people can export from GitLab to those tools and be able to filter them and so on.
A: Yeah, so the difference between a log and alert, you know, this is, this is pretty common. So logs, you know, you, you may send a lot of things out via logs. You may send, you, you may want to log when a policy, you know, any policy has been violated, almost regardless of the severity that happened. Alerting is a little bit different, where an alert would be generated when there's actually an incident or a violation of concern to the end user.
A: So there is a difference between logging and alerting, where alerting would show up in some kind of, you know, a dashboard or workflow, where the security analyst could go through and review those alerts and either clear them or approve them. Logging is going to be used in a much wider sense, where, you know, you're just trying to capture the logs and store them off somewhere, in case you need to go back into troubleshooting, the use case. There is not necessarily, there's been something that's concern, but just something that I want to record for future reference.
A: You know, so your logs, you would typically have sent out, test them, whereas alerts, you would actually want to have some kind of daily work where you go through and review those items of concern. Maybe those are things that you don't actually want to block, but if they happen you do want to go in and know about them, to review them.
B: Do you mind if I ask a question? That's a little bit out of the scope of the logging and alert. For now, sure. I was thinking that, are we reconsidering that, in the future, that we are going to feed this data back to GitLab, like in terms of vulnerability or something, so then it, they can be further processed, like as an issue, or come down at the third part of the circle? Yes.
A: All right, so, unless there's more comments or questions on point A, I want to move on to point B. So again, you know, this doesn't necessarily have to be done today, but, you know, we've run into this issue, like with ModSecurity, for example. We want to make sure that we can decouple our use of these products from required use of CI/CD and Auto DevOps, and specifically it's not that we can't use CI/CD or Auto DevOps at all.
A: It's that we want to be able to let the security team work independently of the development and DevOps team, regardless of where they're at in their adoption journey. So if the security team uses CI, that's fine, as long as it doesn't require it to be used by the development team, or step on the development team's toes, regardless of what technology they're using. So I just want to see as well, you know, is there, is there anything that would prevent us from meeting these use cases with these technologies?
C: And say thank you for adding the write-up on exactly what you're looking for here, or more, you know, double-clicking on the use case. I think that would actually help with the issue that Philippe is researching on, in general, you know, using the container security solutions, whether it's behavior analytics or, or the other ones, like, you know, WAF or network policies, etc., in this kind of mode.
A: Zamir, Alan, really thought feedback, like, you know, are we okay with the technologies that we picked? Are we not okay? This, you know, again, like, even if we don't need that out of the gate, that's okay. I just want to make sure that we're going to be able to support this in the future, I believe.
D: The technologies, which is, it, it is possible. It's all about the deployment, not about the technologies itself, but how to deploy it. I don't know if the new way of installing apps, like through it, let's see, CI/CD. So you, you just have a YAML file and you specify which applications you would like to install in your cluster, and it will install without thinking about, like, okay.
D: You still have to have the project, but in that project there's only, there's only needs to have the YAML file with, or with certain fields enabled, that you'd like to install, either, like, so, Fluentd, or, or Cilium, or Ingress. So I, I do believe it's possible, but I'm not fully sure. If I understand, you'd love, see, I see the apps yet, but by looking at the design and how, how it works, it looks like it is possible.
E: To be honest, on my side, I haven't looked at all of this. We had a discussion, again thinking, a couple of weeks ago about this, but I will definitely take a deeper look. This is, I don't see anything that is problematic to me, but I want to make sure that we think about all the right spots, like, for example, I've seen NATS that would be used with Kubeless.
E: I don't have any problem with NATS itself, because it's something very lightweight and performant, but does one make sure that we're not introducing any security issue with that, because, as far as I know, there is no authentication with NATS. So that means if anyone in the cluster who has access to that, they would be able to interfere with the alerts, for example, that you wanted to push in this, this message queue, and they could, like, did I see it, or just remove the messages that, that would be interesting for a security practitioner.
A: Okay, well, I'll table that conversation for now, but, you know, as we do the MVP of this, if we could keep this in mind, you know, anything we can do to save ourselves rework later would be helpful, you know, and maybe some of that is just letting them do a manual deployment, you know, into the cluster and then connect that back with GitLab in some way, and then it doesn't matter what they're using for CI/CD or Auto DevOps or even for their SCM.
D: J, my friend, we should, like, choose one and, and not supplement the other one, or implement it after some time, not for the first iteration. So for active response blocking, okay, we can go with NATS and Kubeless, or we can, we can write something simple like that, by Phi, presented on the demo, or use something that is already, it's not a part of Falco, but, but we have super very small applications called Falcosidekick and we can extend it.
D: It's just actually an HTTP server that, like, you need to authenticate to it and then you can send events to it. And then it will, like, react by, let's say, send a message to Slack or Teams, or send data to Datadog, or do a webhook, and we can extend it easily, or you can have our own solution. That, that shouldn't be a problem.
D: So I don't believe we need to have NATS in the first iteration, and Kubeless, because that's, that's something that is really huge and that adds additional capabilities for GitLab, but managing that, deploying that will, first of all, inc-, like, increase the attack surface, as Philippe said, and also it will decrease, like, increase our, like, the work we need to do to accomplish that.
A: Okay, so it would, so, if I understand it right, if the, between our Go app and the NATS-based solution, Kubeless would give us just extra active response options, like, what, you know, the ones you mentioned, sending to Slack or creat-, you know, creating a webhook, things like that, so it just opens the door to more options than we have with our simple Go wrapper, Go app, that we write ourselves.
D: And actually, yeah, that's true, so we, you know, in my opinion, we just need to keep it simple. So the Go app, not, not use, not use NATS and Kubeless for now, but either Go.
D: Or there's another solution that I, this was not listed, I discovered it yesterday. It's called Falcosidekick. It's part of its own Falco episode 3. It has, like, there's ability to output to just Slack or Teams. I'll add it. Oh yeah, you've added it here, so, but not go with NATS or Kubeless here, but rather, rather 1-1, or, like, Go app or Falcosidekick, and extend the Falcosidekick to, to meet our needs, because right now Falcosidekick does not support running, like, a bash script. Then we actually, is the first direction.
D: Because, with our, like, simple Go app we create, we're going to maintain it. That will be application written by us, but we can keep it simple with Falcosidekick. If we have to extend it, and we're not sure if they'll accept our contribution, because that's, I would say, unusual, to run the bash script, and so I'm not sure if they'll accept it, so I would go with our Go app, or try to write, write it and, and test it. I don't believe it will be a lot of work. I just added an L.
D: We added L because we need to create a Helm chart for it. We need to, like, maintain it, add tests for it and so on, but at the same time, for Falcosidekick, okay, we have lots of things already done for us, but, but, and then we need to extend it, and we need to decide if we kind of just fork it and add some additional functionalities to it, or we'll try to contribute to the community of Falco. So I know it was her peeing as I'm here.
B: Or I'm typing. I have a very hard time to sync up everything. That's, I'm a little bit quiet there, I didn't look, can't you, Sidekick for me, like, just going back a little bit on the point. This is, we have lots of solutions for the same requirement, more as an option. I think, I hope that that's very clear, ever, there is not that we are going to commit all of them, and some of them are simple but have more limitations.
A: So I mean, from my perspective, it seems like all three of these meet the requirements. So from my end we could reasonably go with any of them. You know, if you told me they're all equal, of course I'm going to want the cheapest one, but other than that, like, I'm really looking to engineering to propose what would you here, you know. As long as everything meets the requirements on my end, you know, I don't really care too much which technology you pick.
C: This is it, so they have to write it in, in, in a bash script, and, you know, bash, writing things in bash scripts is not a huge lift, but, like, doesn't have the things automatically built in, for example, to output to Slack or Teams, yeah, basically, which, but feels more to me like an alert than a log, so I'm not sure about, there's pros and cons of allowing that to happen in container sort of behavior, an alert. It's a different way than other places.
A: Is that something that we could add a Go app? You know, if we started with Sidekick now, could we use its webhook functionality to write a Go app that, you know, just listens to that webhook and then ran, you know, ran a bash script? So that way, you know, we could just extend that with a Go script or Go app down the road without having to contribute to the Sidekick project, or have our merge request accepted by them. Yeah.
E: Okay, we should have a meeting around this, because I have the feeling that you are going to duplicate some things that might already exist at GitHub. We already have some services to use, like, users based on events. It's just that we don't have that, even yet, in GitLab, and afraid that I'm thinking about this a little bit holistically, like, if you have 10,000 applications in GitLab, you would deploy, like, 10,000 particles, I think, if you meant we have that feature, which is not the most efficient way, like.
E: If you want to update Falcosidekick, you will need to do that, and I sometimes wonder if we should start thinking about what we could reuse in the current architecture, because in my head, the difference between alert and log entry is kind of the same. If you use Splunk, for example, the only alerts that you are going to get are log entries. You just define what makes a log entry an alert. That's why I was asking earlier, and from there.
E: If you have this log and you can generate events, and from these events you can decide to store that, as you can fish you, so that you can comment and target mice, and, but you can also decide to have a kind of notification on Slack, and you have the whole loop that is done so, mainly without implementing a lot of things. So that's probably going to be useful, to have this conversation in the next days, but you think.
C: These, where we want to make it, we need to make a decision on which technology, or at least which technology first. It's fun, mostly which one is, go into more detail on the pros and cons of each. If they all meet Sam's requirements, that's great. Some may meet them better than others, and some might be better, you know, from an engineering perspective, than others, so I think we'll, one, I don't try to sell that today, because I think, I think we won't get.
C: Think it's both. I think we want to be able to notify somebody of something, and we want to be able to take, I wouldn't say block, that implies inline, like, we, this is after the thing has already occurred, but take some action. For example, might be a turn-off hook, can turn off a container, might be an action, or kill a process in a specific container, or, you know, you know, something like that. I think it's both, both kinds of things are in scope.
D: Yeah, definitely, but knowing, knowing that, and would feel upset about integrations with Slack that they currently have from GitLab, I believe Falcosidekick might be just a simpler, better choice, because then, who, like, use the webhooks and, and that will be easily trigger, I believe, like, notification from GitLab, and so it will be easier for us to use it, and will already have all, all default things that we'd like to have, like sending an email or doing other things.
A: You know, to just call it what you will, write an emotional thing, an emotional security blanket, a checkbox requirement. You know, there still is a desire to have that capability. Looks like Tiago said AppArmor is and mitigation strategies here. I'm not sure if he's just referring to the protections that, you know, would still protect against malware being run. It is what I'm guessing, but I give the sense.
A: The customers, and we can verify this as time goes on, because we stopped a while before we will get to actually implementing this, but from the information I do have, it sounds like they do actually want malware scanning in running containers, so that would effectively make that solution not an option, which leaves us with either ClamAV or Dagda. The fun thing, not, like, so.
C: Here's some of the discussion around this, and I'm still not convinced of this, but Philippe and, or Zamir, or Alan, tell me I'm wrong, which is fine, because I likely am, but that the opinion, we don't need malware scanning if we have application whitelisting, and reason is that if we explicitly define what applications can run, that will not include malware.
C: Of course, it's only gonna be things known that should be run. So the reason why I don't necessarily agree is I think a concerted attacker may find a way to leverage something else that already is in place and make it so that they can insert malware into that or attach malware to that, so the application still is allowed, but that it has malware attached. Maybe.
C: So, so why we can't do it in the, why I believe we can't do it in the pipeline, is that malware can be inserted after the container is already built and running. So I think doing it in the pipeline is great, because you want to detect it there, but there are definitely techniques to, after a container is running, inserting malware into it and trying to get it to run.
A: Anyway, like, ClamAV and Dagda both seem to meet their, the product requirement, you know, so again, my question was, Zamir, Alan, is if there's a preference between the two. Obviously Dagda, it gets us somewhere with vulnerability scanning as well, but it was larger than ClamAV. You know, I, at that point, I become a little bit indifferent as to the solution. Let.
B: ClamAV is going to be strictly for malware detection, and it's very lightweight. Dagda, that seems to be a little bit cumbersome. I heard people saying that they have a couple issues when they install that in the cluster. It covers way more ground as it integrates with Falco, but it would require a little bit more digging over there, and also they don't have a Helm chart, so we would have to build and maintain one from our side.
C: Dagda, I wasn't familiar with it. It's, it's, it's much wider than just malware, just reading up on it. It does, you know, like you mentioned, vulnerability detection, and it looks actually at what packages are on the device that's around the container and what vulnerabilities are, are in them, etc. So I think, and ClamAV has been out there a very long time. That may be a good thing or maybe a bad thing. It's definitely mature.
D: That they're doing by their own, it's, it's simply, they just take applications, already exist, and build it into a single integrated tool. That, that's all, and I believe, in my opinion, by playing with it, it's not stable yet to the point that it's easy to be used, but that's something that maybe we could help. Oh, just stabilize it, or yeah.
C: How does it scan the file systems for the containers? It doesn't, have, you know, it's, not, it's not an agent. We don't have to actually run a program on each container, right? Via, we run it, scans the file system separately, so it doesn't have to touch it, doesn't have to be, the containers don't need to know that ClamAV is running. Is that, is that accurate?
D: Yeah, yeah, actually, you know, it's not something like, it's not a magic thing. Actually, you have to mount some volumes that are available on the node, or into, mount volumes that are available in different places in your cluster. It's like, that depends what you have selected, and then it will simply run it like you normally would run ClamAV on your, on your back.
C: Yes, you're mounting the volumes with that. It's great. The user on the container does not need to be aware that ClamAV needs to run, or give it permissions, or run a program on each container. So just for Sam, to make sure, saying, so what this will do is, is this, whole, periodically? It's gonna, cut it, periodically scan the volumes, the file systems. It will not scan when the program tries to run; it will scan periodically, so that, marabout, understood. Okay, good. That's.
A: Okay, yeah, that's fine. The, and it will scan all volumes? I know we were talking before about different file systems inside Kubernetes, some that are local to the container, others that may be mounted. Is there going to be able to scan everything, would be the other requirement, or are there file systems that would not be scanned, or wouldn't be able to be scanned?
B: There are two strategies. One strategy is sidecar, and if we run inside a class, the container. The other wants to mount the container, falling back to the node, and run ClamAV from the node, so that I'm not sure exactly which one would be the best. To that, I need to run that. I didn't, I haven't run it yet, but those, those are, with you, the options might be. Maybe I'm wrong. Look, okay.
A: Okay, Linda, in my case, you know, from my end, from everything I've heard, like, from a product perspective, I do not have a preference between ClamAV or Dagda, and I think it's the same for vulnerability scanning for the two options looking out there, so it really seems, like, you know, in my mind, this is an engineering choice of: do you want to go with Dagda, which decides there's a large, or you want to do ClamAV plus, you know, GitLab scheduled pipelines to cover vulnerability scanning, which was a medium plus a small.
D: Okay, so, so the first thing, the first iteration is, what I would do is, is do what we already have. So we have already scheduled pipeline, like pipeline schedules, and so we just need to make sure that user knows about it, because I was not aware until I look into the documentation, and I believe, as a part of our page or somewhere that, where we gonna list all things that we already have, we need to be able to help users configure it.
D: So, let's say, like, automated templates or something like that, that will help, help customers run those tests periodically, and, and that's how we could, we could achieve actually that as a first iteration, and then starting from that, well, we will definitely have time and, and do more to understand either ClamAV or Dagda. We'll have to try it, how it works with what we have, in a booth, Falco, and Dagda should work with Falco, because it was designed to work with Falco, but anyway, I, I do believe we, we could start with something simple first.
E: Not sure to understand what's the identity of having Dagda, because it seems to me like a very heavy solution. It requires MongoDB, three wires on Python, and actually I think it's doing a lot of things, like it's running Dependency-Check and Retire.js, so dependency scanning on the hunted containers, and we just care here about malware scanning. So if it's just ClamAV, I can ask what prevents us from running ClamAV directly from a shell script that could be running in a pod in the cluster, which would be a lot lighter and, and tactile dots.
E: Yeah, but do you need to do that at the runtime, because we already do that during the pipeline, and before pushing the, the container to the cluster? We have something equivalent to the procedure, which is Gemnasium. We have Retire.js already, so these dependencies should not change at runtime, and if there, even if I.
C: Maybe, actually, Clair, Clair is the way to go for this. They should, similar to malware scanning, is that it should be checked during the pipeline runs, but that we can't assume that it hasn't, that something is different, you know, some, something has not changed since the pipeline run, and we want to scan as well the running containers, and we should use, when appropriate, which will often be the case, but maybe not always be the case, whatever Secure is using to do this similar functionality when.
E: Yes, what I'm saying is what Dagda is doing, half of it is done by Secure already. The thing that we don't do is the malware scanning during runtime, and that could be done by a simple pod that we would write ourself and deploy to the cluster, like in the other pod. That could be a lot lighter than what I see here, which is light, sorry, a Python server using MongoDB and probably some other dependencies. I'm trying to keep that as light as possible, and I see.
C: Scanning, do, is it clear where engineering feels we should, okay, I'm seeing the notes and writing stuff. Will not use Dagda, let, plan to use, explore using Clair or GitLab scheduled pipeline, which I'm, is that, so, so we still want to research more, which is just fine, of course, just want to understand where is it. Alan and Zamir, you, that make sense? Is that? Are you in sync? Yeah, yeah.
D: So whenever something is installed, or it shouldn't happen, like, during, like in, like when, during cluster runtime, it should happen only when you build a container, sorry, or during container runtime, but yeah, I believe it will solve some of the problems. We'll have to revisit that after, after first iterations.
A: Okay, so we made a decision on the malware scanning solution. We have a strong direction, although not 100% final, for vulnerability scanning, and the active response or blocking, some more research, just to sum, about right? So again, for the sake of time, I want to move through here to lunar ship 2.3. If you want to take a look, I've attempted to prioritize these based off of our discussion today, as well as, you know, the, the sizes that you've given me, the priorities that I've heard from customers. Does anything in here.
D: Permeate looks right. I'm thinking about its, like, schedule pipeline, see, if we should, like, in terms of priority, it's, it's fine, but I believe we could do it early, did, earlier, because I don't believe there will be lots of work for the engineering team. So we could ask someone from, someone that could help us with the documentation and maybe document it better, so Castle, and like, we just need to add a link to the documentation whenever we decide to, to put information about this container behavior analytics. So Dennis will be, I believe, fine. All good.
C: Vulnerabilities, well, yeah, in the documentation, I'm not, I'm not there yet, but before we do that, let's run it by, and I want to think about it more, and let's, well, we can move it there if that's where everybody else wants to move it. I think that's fine, just yeah! This is all still tentative too.
C: Not just this, but yeah, I'm finding that change, Bram. One thing I saw in here that just jumped out at me, statistics, and from two aspects, just things to consider, is that, you know, we, it'd be great if every, the way we compute statistics for the container behavior analytics is very similar and leverages as much as possible how we do it for WAF and for container network, all right.
C: Time, the other separate topic is, it, I know we're really challenged with getting overall metrics, kind of north star style metrics on numbers of whatevers, for each, each set of components, you know, whether it's WAF or container network, and probably for this, is so. Let's keep that in mind for this, that, that has been a challenge. I think we're gonna, we're surely gonna overcome. But let's keep that in mind, so we designed this to take advantage of the best practices we learned for the others. I see, Alan, I see you nodding.
A: I know those are good things to call out. You know, metrics, we're going to want to get those probably as part of priority, for, at that same time, and statistics, we're not talking about network traffic here. So the statistics for this is going to look different. I don't have a vision for what that will look like yet; I'll have to work with Andy on that. But, you know, we, the problem to be solved is the same, which is, at a high level.
A
Can I just look at it and know that the thing is working, and see at a really high level how much stuff it's doing for me, blocking or stopping or whatever? This is kind of a stopgap. Until, you know... I didn't put alert visualization on this list; it's a little bit out of scope, but, you know, until we get a full alerts page where you can actually see the things that are being blocked from going through, and, I mean, alerts.
B
Kids to failure, so sure. Philippe, before I go, can I just clarify, make sure that you would like to have any change to discuss a couple of the points? Would you mind saying again which points you would like, where else, to discuss, so then we don't make a decision that we might have to.
E
We can have a weekly meeting just on these topics, and I just want to make it clear, I don't want to be a bottleneck here. I'm just playing the devil's advocate role, so I'm kind of giving a heads-up and making sure that the whole picture can make sense. So if you're taking a decision without me in the loop, that's fine, that's on me; I should be more available for that kind of topic. So it shouldn't be an issue.
E
So that's it. I don't want to block you, but if you want to talk about these topics and you want some more insights, make sure that it's going to fit with some other things that we do in Secure, maybe in Configure or whatever. I'm here, use my time, I will be athletes. We can have some brainstorming sessions with you, if you want to discuss a decision that you're not sure about. If you're sure that that is the right solution, I will trust you. Listen.
A
So I say, so go ahead. It's recorded, you're welcome to watch it, and, like I said, if you want to sync up with me one on one or schedule more time, I'm more than happy to do it. Sounds good, thank you. Okay, so that being said, I'm gonna go ahead and share my screen here. Before I go into the details too much, I want to say a few things. One, this is a very early concept, right, so we've got this, and we're just working through it at a high level.
A
So there's going to be lots of holes in it for sure, you know; we really were only just working on it this week. I don't have mocks or anything like that yet. And the other thing just to comment on, before we dive into it, is we're designing right now, with Andy, and we're trying to work out the long-term vision, like where do we want policy management to be a year from now, and then we can take that and back into, you know, how do we get there iteratively?
A
The initial part of the workflow that we're thinking about is, policies as you create them in GitLab would be tied either to the instance, group, project or environment. Now, at the end of the day, policies are actually applied at the environment level, but if you created a project-type policy, it would apply to all of the environments inside of that project, for example, and a group-level policy would apply to all environments in all projects in that group.
A
So it still normalizes down to the environment level; that's where the policy is actually being applied at the end of the day, but you could create higher-scoped policies. If I wanted a policy to be applied to all environments across my entire instance, I can create it up at the instance level and have that push down, you know, to everything in my entire GitLab instance. So that's really the first part: you know, where you start through this policy creation.
A
So the instance-level policy would be applied no matter what; you could create another policy to add to that behavior. So the policies are additive. I think the only time there's a conflicting action is in, like, allow or block decisions, and in that case the block action would take precedence. So if any policy anywhere triggers a block action, then it's going to block, regardless of the other policies. Other than that, I don't think there is any conflict in the actions that would be taken by the policy, so they're purely additive.
A
The next part is we're going to have different types of policies. So, you know, some... and I'm struggling with the terminology here, so that's one piece that we're still working out, but a real-time container policy, some would be scheduled-to-scan policies, or things like your malware scans or your vulnerability scans, or even scheduling Secure scans. You know, if you're writing Secure policies to them, you know, in the pipeline, that's the type of policy that you would create, or GitLab user policy, which would be like Matt Wilson's category.
A
So that's out of scope for us, but we're trying to design this in a way that you can have lots of different types of policy in here, so we end up having one place in GitLab to be policy, instead of five different policy screens. And then the way it would work is it's just a big if-then statement. So, you know, here we've got, you know, rules that would be added, and then actions that can be taken when those rule conditions are met.
A
We've got keyword rules, regular expression rules and volumetric rules. We can add to that list in the future, but that's just sort of an initial starting point. And, you know, in here you would just craft, like, a sentence. You know, if network traffic is inbound or outbound to the cluster, you know, or the namespace if it's a Cilium rule, and one or more keywords are found anywhere in the port. You know, so the keyword 8088 down in the port, you know, that would be one component of the rule.
A
The idea is that you could have lots of these rules that you can combine with ANDs and ORs. So you can say, you know, if the port is 8080 and the IP address is, you know, this IP address that I don't like, then block the traffic. So you can combine multiple rules together as long as they're of the same type, and then, more applicable for what you're working on, we would have rules like, you know:
A
If a process starts in a container, and, you know, associated with an image, you know, a container that's built from this image, or a container that's part of this namespace. Maybe you would have other criteria here to filter on which containers you want to trigger on. But, you know, where the keywords are found in the process name, the process path, the hash of the process. Maybe you would add signature, even: if the process is signed by the certificate, then it's okay; if it's not, then block it.
A
I would love it to be two-way, so that, you know, out of this you would have a configuration file or a YAML file that gets generated, and you could either edit this in the UI and it would generate your one or more files to be applied to the technologies, or you could edit the YAML file directly and you would see that reflected in the UI. So ideally it would be a two-way thing, but again we're designing for the end state; I understand that we may not get there immediately.
A
So, you know, the allow or block would be required based off of the rules that you have in your "if" portion of the statement. So, you know, if you have a network traffic rule, then you need to say either allow or block the network traffic; you have to pick one or the other. So these would be required rules, depending on what's in the "if" part of the sentence. These would be optional rules that can be added on as well, so I want to also generate a log, also generate an alert.
A
Maybe I also want to block this IP address, you know, add this to my list, terminate the pod, you know, and so forth. You know, send an email message. We could add to this list as time goes on, but this is a work in progress. I mean, I was working on this even yesterday, so I'm sure there are things here that we're still missing, but I just wanted to communicate the high-level concept around what we're thinking for policy management.
A
So I mean, I don't want to speak too much to the implementation details. I know Arthur's thinking he's going to need to start saving these to the GitLab database at some point. You know, what the format of that is, if he's just saving that YAML, or, you know, what that looks like, I don't know that that's all been defined. So, you know, that's still something that we need to figure out. Okay.
E
While you're on the policies, I just want to jump on that file in the discussion, because, I mean, I'm a big advocate of adding files in the end, for a good reason. One of the problems that we have introduced with the UI configuration is that we don't control exactly what's in it, which is introducing not only some permission issues, validation issues, but also tracking, logging, et cetera; who is doing what is getting a problem.
E
We've had that problem in Secure already, and having a file would be a good way to overcome this kind of limitation that the UI has. Like, if we have done it in the UI and in the end that's going to be a file, so the outcome of this is a merge request, where this merge request is going through the whole workflow that you have usually in your project, and you have your CI, because you have everything to track, we have all the permissions, and if that file is, for example, a single named file.
E
We can add that in the code owners, for example, make sure that someone specific in the team, like the security champion, is required to approve any change to that file. So that's a lot without a lot of work. We can use what we have already; we can leverage the existing features for this. And in the end the only thing that we have to do is this UI to generate the file, which is not too much work yet, and we could detect that file.
E
Just to finish that, we could detect, you know, in the pipeline. We have rules in the pipelines now; we can create a rule saying, if that file is changing, then run this job. We can have that. The only limitation that we have with this is we don't have this job in the user pipeline generally, so we might have to create some other pipelines that would be only for us. This is something that I could go spike on.
E
I invite you to take a look at the issue; it's serving in the Dodge; I'll put that in the chat as well. That could be a solution, having a way to run pipelines for the user without flooding the users, without showing these pipelines all the time. It could be used for malware scanning, for all the junk things that we need to do in the background.
A
Yeah, so you might want to talk with Arthur, you know, on that, and what his thoughts are in architecting this policy management in the back end. Yeah, I would just encourage you to talk with him, and, you know, never got out... you know, again, from the user's perspective, Yoshi, so here's a mock that Becca created, and it obviously does not have, like, the full workflow that we're designing out here, but it shows that, you know, as you're editing things in the UI, that would be reflected as well.
A
You know, so that you can see the code and the UI side by side, and ideally you would be able to edit the code and hit "validate rule" and have that populate the UI, or you can edit the UI and have that populate the code. So, you know, in a perfect world that would go both ways. And, you know, if I logged into Kubernetes directly and created a policy outside of GitLab, you know, bypassed GitLab and put something in Kubernetes, added a policy manually to AppArmor or what have you...
A
Ideally, we would be able to read that policy in and also just show it in our list of policies. You know, it's not going to be... it would just be like an environment-level policy by default, because, you know, we haven't tied it to the instance or group level or anything like that, but we should be able to read that policy in and display it as well.
A
So, you know, again, long-term vision here, but I would love for it to be able to go both ways, so that they can pick how they manage their policies. And they may have multiple files here to write, because we've got different configurations for Cilium versus AppArmor, so they may end up with, you know, a separate file for each, and that's okay, if, you know, the text editor is technology-based, as long as the UI piece is use-case focused.