►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
You
sound
from
everyone
to
our
containers.
Security
group
me
just
to
kick
things
off.
We've
got
a
number
of
items
that
were
wanting
to
either
put
through
the
planning
breakdown
process
or
start
discussing
in
preparation
for
planning
breakdown,
so
the
first
one
is
containing
their
host
and
security
statistics
discuss
this
one
a
little
bit
last
week.
You
now
have
designs
from
Kyle,
and
so
in
this
the
plan
is
to
add
a
new
screen
to
our
overview
tab
in
the
threat
monitoring
page.
Are
you
going
to
share
your
screen
screen
here?
Yep?
A
And,
along
with
this,
we're
making
a
few
UX
changes
just
because
it
starts
to
be
a
little
bit
unscalable,
once
you've
got
three
really
large
graphs,
taking
up
a
lot
of
vertical
space.
So,
even
though
we're
adding
another
graph,
we
are
also
are
tweaking
some
of
the
other
charts
in
here
to
make
them
smaller.
A
As
Kyle
pointed
out,
we're
changing
the
legend
to
make
that
a
little
bit
smaller
and
more
consistent
with
our
style
guide.
We're
going
to
update
the
headers
to
the
proper
capitalization
there
and
we'll
have
a
new
state
MP
state
for
container,
whose
security
and
then
lastly,
we'll
be
adding
in
the
container
host
security
graph
or
chart
in
here
and
the
metrics,
for
that
will
be
total
activity
evaluated
or
inspected
and
then
%.
What
percent
of
that
was
anomalous
activity?
A
C
A
So
I'm
viewing
everything
that
we
put
under
our
architecture
for
container
her
security
is
really
one
thing,
at
least
in
the
way
that
we
present
it
to
users,
we're
not
going
to
break
it
out
and
say
this
is
a
farmer,
and
this
was
falco.
So
the
principle
here
is
any
activity
that
were
able
to
monitor
or
inspect
that's
what
we
want
to
count
towards
the
total
activity
and
any
activity.
That's
identified,
as
you
know,
via
policy,
is
something
that
would
be
potentially
bad.
A
A
You
know
one
of
the
other
products
that
we've
got
here
is
what
about
location
firewall
inspecting
all
of
the
traffic
as
it
goes
through,
but
then
you
can
write
policies
that
identify.
You
know
anomalous,
traffic
that
you
want
to
log
or
then
you
know,
take
further
action
on
the
other
longer
block.
So
I
expect
it
to
be
the
same
here
where
you
know
the
total
activity
is
just
you
know,
all
activities
that
were
capable
of
monitoring,
whereas
anomalous
activity
would
mean
that
somebody
sat
down
and
took
the
time
to
write
a
policy.
A
You
know
specifically
to
either
longer
block
that
activity,
so
we
do
want
to
be
careful
to
not
double
count,
because
we
do
have
lots
of
technologies
in
place.
So
if
Falco's
sees
something
and
a
farmer
sees
the
same
thing,
you
know
we
don't
want
that
account
as
to
that
should
really
just
be
one
one
activity
between
the
two.
That's.
C
That's
good
one
thing
in
there
is
is
in
order
to
show
that
it
implies
that
the
counters
that
we
see
we
can
determine
whether
it's
anomalous
or
not.
So
if,
if
we
have
the
counters,
but
we
can't
determine
anomalous
versus
not
anomalous,
then
we
wouldn't
be
counting
it
there
right
so
through,
for
example,
ya
gone
yeah.
A
C
Arthur
will
probably
know
more
than
me
here,
but,
for
example,
app
app,
armor
I
think
he
can
meet
a
lot
of
audits
in
a
in
a
in.
What
is
it
called?
Is
the
unrestricted
mode
or
uncontained
supply
that
it
doesn't
necessarily
mean
it's
anomalous.
It's
just
collecting
that
information
and
if
we
don't
have
a
policy
that
that
sort
of
filters
or
identifies
what
what's
good
or
bad,
that's
an
extra
step
that
needs
to
happen
there
for
us
is
that
does
that
make
sense,
Arthur
or
am
I
worrying
about
things
that
I'm
not
really
real
problems.
D
C
A
Okay,
so
the
next
one
so
planning
breakdown
I
know
we
have
a
number
of
items
to
get
through
today
is
the
container
host
security
controls?
I,
don't
have
designs
for
this
and
I
wanted
to
ask
you
feel
like
we
need
designs
for
this
I
mean.
Obviously
we
need
to
work
out
the
exact
text
let's
put
in
here,
but
I
I
mean
this
is
pretty
well
in
line
with
everything
else.
A
A
C
So
I
just
think
that
they're
already
things
sort
of
in
flight
that
belong
in
here.
A
A
C
Why
I
brought
it
up
just
to
make
sure
that?
If
because,
if
we
were
doing
as
I
I,
think
I
created
this
issue,
if
we're
doing
that
as
part
of
the
of
the
active
response,
and
now
it's
got
an
overlap
with
a
different
epoch,
at
least
make
sure
there
that
it's
an
incremental
delivery
towards
the
same
direction
that
we're
not
going
separate
paths
or
maybe
just
unify
them
and
make
them
the
same
one.
Just
calling
it.
C
A
B
C
A
A
But
again,
just
to
be
explicit
and
so
I
can
show
it
here.
You
know
just
like
everything
else
in
this
page
you've
got
a
description.
You
know
in
an
install
uninstall
button.
I
would
expect
it
to
work
similar
to
this.
It
would
have
a
get
lab.
You
know
icon
since
we're
using
that
for
all
of
our
items
now,
and
you
know
you
would
just
have
a
basic
install
uninstall
button.
Probably
this
Prometheus
one
is
the
best
one
to
look
at
as
a
template.
Only
replace
that
icon
with
a
get
wild
on.
D
D
A
Yeah
I
mean
that
it's
unfortunate
because
it's
more
difficult
user
experience
but
I
think
that's
okay,
you
know
if
it
at
least
shows
the
state
installed
or
uninstalled,
then
it
still
helps
to
give
it
a
place
in
the
UI
and
raise
visibility
and
awareness
as
to
what's
there.
So
if
you're
not
able
to
actually
do
the
installer
and
installed
and
I
guess
this
changes
slightly
from
you
know
actually
allowing
them
to
install
and
on
this
all
is
really
it's
just
pointing
them
to
the
documentation
and
providing
some
visibility
around
the
current
state.
A
We
did
have
Kyle
on
myself
and
he's
not
able
to
attend
to
teach
in
a
different
time
zone
right
now,
but
just
a
few
questions
that
we
had
as
we
started
to
work
through
this.
You
know
here's
sort
of
a
rough
wireframe
for
it
does
it
make
you
know
one
question
we
had
was:
does
it
make
sense
to
show
this
cluster
column?
My
understanding
is
that
you
know
for
all
of
our
technologies
or
wack.
You
know
container
hose
security,
continuing
network
policies,
all
of
those
are
specific
for
an
environment
and
also
a
cluster
and
I.
D
I
would
say
there
is
no
reason
to
show
cluster,
because
each
environment
can
only
have
one
cluster
and
like
they
try
to
abstract.
The
infrastructure
itself
is
environment
everywhere,
no
UI,
so
showing
cost
is
not
very
much
information.
At
the
same
time.
Just
takes
quite
a
bit
of
space
I'm
a
bit
confused
on
this
particular
screen:
environment,
drop-down,
but
the
same
time
environment
in
the
table.
Is
it?
D
D
D
D
Can
have
multiple
environments
you
can
think
about
the
ones
like
production
or
staging
some
other
like
d-boy,
for
the
review.
Have
that,
like
we
use
environments,
was
that
so
which
projects
can
have
multiple
environments,
environments
goals,
just
one
deployment
platform,
which
in
most
cases
is
a
Cuban
it
as
far
as
and
then
each
environment
will
go
into
specific
namespace
that
we
generate
and
deploy
the
best
current.
If
the
reason
about
it
is
probably
operations,
environments,
I,.
D
A
A
D
A
Well,
yeah
so
also
I,
wonder
if
we
only
show
environment
could
we
run
into
a
scenario
where
the
names
are
identical,
like
you
have
a
production
environment
in
cluster,
a
and
a
production
environment
and
cluster
B,
and
you
know
just
showing
the
environment
is
not
enough
to
identify
which
environment
it
is.
If
you
have
the
same
name
across
multiple
clusters,
know.
D
Names
of
the
environments,
how
unique
the
project-
in
this
case
it's
not
possible
to
have
two
production
environments
in
a
single
project.
You
can
only
have
two
production
environments
on
the
same
cost.
Only
different
projects,
because
you're
like
alerts
tab
is
per,
is
scope
by
project.
It's
not
possible
to
have
multiple
environments,
use
the
same
name
got
it.
Okay,.
A
C
A
A
It
is
probably
where
it's
noting
that
four
deaths
are
initially
the
only
alerts
that
we'd
be
sending
in
would
likely
just
be
psyllium
alerts
in
a
similar.
Now,
we've
kind
of
taking
the
lead
on
policies
with
psyllium
soem
is
just
further
along
than
all
of
the
other
technologies.
So
you
know
to
start
off.
We
would
extend
the
policy
management
workflow
to
let
you
be
able
to
create.
You
know
an
action
of
sending
an
alert,
and
then
we
would
also
let
you
know
just
add
that
alert
show
up
here.
A
A
All
right!
Well,
if.
A
B
C
A
A
A
C
B
D
C
D
A
D
Problem
is
that
we
just
can't
hook
up
to
city
I
mean
it's
something.
I
could
be
so
little
card
like
an
edge
into
something
that
will
monitored
Silom
and
then
or
I
trigger
stuff
in
our
database.
So
we
have
not
done
that
before
and
it's
a
bit
of
fun,
I
guess
slow
down.
There
is
expected.
Maybe
we
can
align
with
some
restoration
work
is
being
done,
but
it's
progressing
pretty
slow,
so
I'm
not
as
helpful.
So
we
probably
need
to
do
something
ourselves.
A
D
The
gun
needs
something
similar,
because
Hubble
is
essentially
a
stream
of
data.
You
can
subscribe
to
certain
things,
but
because
it's
not
like
processed
and
they
obviously
needed
a
special
format
before
put
into
the
database.
We
need
something
like
some
kind
of
code
that
will
transform
table
events
into
alerts.
As
per
our
definition,
I
guess,
agents
that
extraction
is
working
on
could
be
a
convenient
place
for
that,
because
it's
already
being
deployed
to
the
Coster,
but
they
still
in
early
stages
and
I,
wouldn't
put
us
as
a
dependency
for
them
right
now.
D
Yeah
I
think
it's
just
a
technical
details.
They
can
do
this
crane,
but
they
obviously
need
to
like
subscribe
to
Kabul
events
across
this
confidence
in
some
form.
Creator
database
model
in
our
called
in
Qatar
project
and
then
put
the
protest
events
into
our
database,
so
they
can
be
presented
in
the
screen
and
then
obviously,
once
is
done.
We
can
just
do
a
simple
front-end,
stuff
or
work
on
their
database
table.