From YouTube: Fireside chat with Sysdig - Dan Papandrea and Loris Degioanni (Sysdig) | OpenShift Commons Briefing
Description
Fireside chat with Sysdig
Dan Papandrea and Loris Degioanni (Sysdig)
OpenShift Commons Operator Hour
OpenShift Commons
October 14, 2020
A
Welcome, welcome to this OpenShift Commons Briefing. As we do on Wednesdays, we talk to folks who have built certified operators, and Sysdig has been one of the very early adopters of the operator framework and the operator pattern for using their tooling on OpenShift and Kubernetes in general. And we are thrilled today to have one of our favorite folks, Dan, otherwise known as Pop Papandrea, and we're going to do something a little different.
We're going to have Dan, who is well known for doing great interviews and his own Popcast, interview Loris Degioanni, and we'll figure out just where everything is going with Sysdig and Falco, and talk a little bit about securing and observing Kubernetes and where the future is taking us with Sysdig. So take it away, and let's do some more and deeper introductions than that.
B
C
Sure. My name is Loris, I'm the founder and CEO of Sysdig. Sysdig is the secure DevOps company, and we offer visibility and security products. We were born as an open source company, and we apply deep visibility to offer essentially security products and visibility products for Kubernetes, cloud native and containers.
B
And taking off the podcast and putting on, I'm the field CTO at Sysdig, and I work with Loris and strategic accounts and strategic partners like Red Hat to bring your dreams, when it comes to observability and security and visibility in your tools, to fruition. I was employee 20, I think, of Sysdig, and I remember that interview like it was yesterday.
It was, you know, I interviewed with Loris and it was really a great time. But I think we should kick it off, Loris, in terms of... I'm sorry, did you want to say something?
C
B
C
Yeah, sure. So Sysdig started in, around 2014. It's my second company. My first company was called CACE Technologies and was the commercial entity behind an open source network analyzer called Wireshark. If people in the audience have done networking and packet capture, they might have heard about Wireshark, a very popular project that I started contributing to very, very, very early on, when I was a student at a university in Italy. So I've done essentially open source since 1999, when open source was still something weird, you know, very different from today. And the first company was acquired.
I started in 2005, it was acquired in 2010 by a bigger company called Riverbed, and at the time we had a pretty sophisticated product suite for visibility and performance management of applications based on network packets, which is what I've done in my old career before. Which was great, but clearly the world was changing. You know, the world was moving to the cloud. AWS was starting becoming popular.
A little company called dotCloud was renamed into Docker, and the whole revolution, you know, of which we are part today, was really at the very beginning, and it was clear that this was one of those major shifts in IT. And Sysdig essentially started with the idea of applying the same visibility, the same richness of data, the same context that you could get with packets in the previous generation and you couldn't anymore, because you cannot use the SPAN port of the router when you're renting instances from AWS. You cannot capture packets when you have, you know, like 500 containers running on a single machine and there's, you know, no place on the network to get what these containers are doing.
So, from one point of view, packets are rich in information, very versatile, and allow you to, like, in a very horizontal way, you just sit somewhere on the network and you see everything. I used to say, packets never lie, you know, but...
A
C
Do you do that in the world of containers, orchestration, Kubernetes, OpenShift and, in a general way, you know, modern cloud-based applications? And essentially we started the company with that in mind. Essentially, the question was: if you could start with a blank sheet of paper and really create the solution that is perfectly tailored to the new world of containers, and also orchestrated containers, what would you create?
How would you approach this from the technical point of view? And that's how our original technology, based on capturing system calls with containers in Kubernetes context, actually even before Kubernetes, so orchestrator context, was born. And now, you know, in 2020, I'm here doing this interview and talking to you, Pop, and quite a bit has changed and quite a bit has grown, both in the ecosystem and in Sysdig.
B
Awesome. And again, from this basis, I think let's talk about, like, what is Sysdig now in terms of, like, you know, specific use cases. I could talk about a couple if you'd like, because, you know, you and I have worked on some of these use cases with, you know, the product teams and also, like, the implementing teams and all of that. But there's a couple that come to mind that you can say, like, you know, specific use cases around Sysdig.
C
Yeah, absolutely. And by the way, yes, feel free, Dan, to interject here, because you spend a lot of time essentially talking to, you know, end users.
B
C
Typically, when I describe what Sysdig does, I like to use three words: build, run, respond. I like to describe it that way because the life cycle of modern applications is probably one of the things that is changing the most, you know, compared to what we were doing before, with monolithic applications running on physical hardware or virtual machines and releases that were happening, you know, every six months or every year, or something like that.
Now we essentially all develop applications through a pipeline, right, using CI/CD and following typical, you know, like, opinionated flows that go from, you know, the code in your laptop, a Git repository, typically building container images that go into some image. And then these images go and are picked by an orchestrator and implement applications that run in production, and there are steps and gates and processes here that are different, you know, for every organization and for everything, but also have stuff in common.
At the build stage, it's important to make sure that we shift left as much as possible, that our code, our containers, our components are validated for functionality and especially for security before they move forward in the pipeline and they go to the next stages of the pipeline. And here, for example, container image scanning, validation, configuration checking are all things that are very important and that Sysdig does.
Then, typically, our images are run. You know, they can be run in a development environment, they can be run in a test environment, they can be run in a production environment. Typically, these environments have different profiles and different properties, but they share the need of you and your team being able to, first of all, understand what's happening. So insights and visibility is really the key here, and then protection, especially if the containers are run in a production environment.
And runtime protection we are seeing becoming more and more important, and Sysdig is focused here strongly, not only from the commercial point of view, but from the open source point of view, through our tool that now is part of the CNCF incubation stage, Falco. And Falco, we'll talk a little bit about that later, maybe, but it's really like the de facto solution for runtime security and entire protection for containers. And, Dan, go ahead, Dan.
B
No, I was just going to say, I mean, in terms of, you know, going back to the build, run, respond, I mean, if you look at this from, you know, the image scanning as a step one, right, and you're, you know, bringing these apps in production. You really need to... and I was on OpenShift Live with Chris Short before, and we ran through that whole process, right, this whole, you know, from build all the way to, you know, to the run, and, you know, from a forensics perspective, and then this postmortem capability, right, so even from, like, container forensic use cases. And again, you know, I mentioned this very large investment bank that you and I spent a lot of our time together, you know, initially trying to, like, prove out the value of Sysdig.
There was, you know, this use case where, you know, they wanted to have, you know, visibility, but then also, you know, to build, like, new rule sets without having to involve the vendor, right. You know, so things like building MITRE ATT&CK framework, so those use cases is super, super, you know, high, in terms of somebody touching a directory, understanding what they did in this. You know, you talked about this, you know, syscalls don't lie, right, be in a container and be able to have this, and they're not black boxes anymore.
B
C
Yeah, and you were saying syscalls never lie. Actually, I said originally packets never lie, but you're right, it's syscalls never lie, and they lie even less because they're closer to the application, right. So let's stop for a second about what we mean by syscalls.
A system call is, every time you are running an application, a process, a container on a Linux box, but not only Linux, any operating system, these applications need to do something other than just computing, right. They need to talk to the external world, they need to establish communications, they need to read and do input/output from files, so there's a bunch of stuff that is going on, and typically this requires the intervention of the kernel of the operating system, because reading a file, essentially, for an application involves telling the kernel, okay, hey, open this file and give me the content of this file. All of these are system calls.
So, essentially, the core technology behind Sysdig involves taking these system calls, finding clever ways to capture them in a way that is, from one point of view, super granular, but also very horizontal. So you don't have to worry about instrumenting every single container, linking libraries to your application and stuff like that, but you just essentially, through a number of different ways, tell the operating system: okay, I would like to get all of this data in a very efficient way, give it to me. And then you're able to understand essentially everything that any single application does in terms of data, and, you know, what data is accessed and what is read and what is written, in terms of network communications, in terms of users, what they're doing, because every time a user executes a command, changes the configuration, logs in somewhere, this generates system calls that are like the footprints, you know, and by looking at these footprints we're able to reconstruct everything. So packets never lie, system calls never lie.
B
C
Yeah, I already said multiple times that what we do at Sysdig was inspired by our previous life with packets, right, and this is true for Falco as well. As I was saying, Falco is the de facto tool for runtime security in Kubernetes, and Falco is able to sit on a host, get this granular system call insights into every single process and therefore every single container running on the host, and takes all of this stream of system calls that can be, you know, hundreds of thousands, sometimes millions per second, and puts a rule engine on top of that, so that you can essentially be notified based on conditions or anomalies that happen on this stream of system calls.
It's a little bit, you know, like, harsh and technical.
B
Right, so, I mean, if we boil it down to, like, what it does and what does it address? That's the big thing, because it does, like, and again, it's so hard, because this thing does so many amazing things, but let's just boil it down to, like, what are the pain points of what it does, like, you know, what's the pain points, what does it address, right?
C
Yeah, so with Falco you're able to be notified at runtime, as stuff happens, of an arbitrary number of anomalies that happen on your Kubernetes cluster. Let me give you examples. I don't know, somebody has gained, you know, access to one of your containers and is executing something. Data is stolen and exfiltrated from your infrastructure, and people are changing your configuration to do something with your cluster. Somebody has just started, you know, a set of big bitcoin miners in your infrastructure. These are examples of stuff that Falco can detect. Of course, you know, it's much bigger than that. We have a rule set with hundreds and hundreds of rules now that are essentially driven by the community, but this gives you a flavor.
Essentially Falco is like, very often I compare Falco to the security camera for your Kubernetes cluster, right. It's very important when you have, you know, a house, a piece of property that you care about. You have locks at the door, and, you know, in Kubernetes you can implement locks in different ways, through admission controllers, through network policies, through all of this kind of stuff that essentially allows you to, like, I don't know, block somebody from entering, right.
An admission controller prevents an image from entering your cluster, and that's, you know, like the lock on your door. But you still want, even if you have good locks, a security camera that allows you to understand if somebody's snuck in, maybe from the window, you know, maybe from the chimney, hopefully it's Santa, you know. But at the same time you need to understand if something managed to get in in a way that maybe you don't expect, and if somebody got in you need to understand essentially what they did, and that's what Falco does. You deploy Falco through, like, a DaemonSet or through a Helm chart, it goes to any configuration start.
C
B
And you know what I love about it? The Falco rule set is a good basis, right, but there's events and there's rule sets and there's outputs that you can do, like, you can output as gRPC, you can do it as JSON output, as HTTP. I mean, that's the beauty of it, and again, it's because it's an open source project.
If there's something you want to contribute to, which again, everybody out there, go to falco.org, we have a Slack as well, contribute to Falco. There's a lot of cool stuff that we're doing with, you know, people in the community. I mean, just the other day, one of our people, Lorenzo, was working with Alex Ellis to help do, like, ARM64 support, which is crazy, you know, like, for Falco.
It's, you know, playing around with this stuff and just getting involvement from the community makes our product better, very much the same as our lovely host here today from Red Hat. I mean, that's, you know, how the whole open source ecosystem starts, is, you know, people contributing to the things that they're passionate about. Yeah, yeah, that's why I put you off there, yeah.
C
No, yeah, absolutely. And yeah, I believe that a tool like Falco really fits well the dynamic of having a community, because if you look at what Falco does, and by the way, we're talking about packets, when I started Falco I was inspired, I don't know, for the older people in the audience, by tools like Snort or Suricata or Bro, so intrusion detection systems, you know, for network packets. And, you know, I've been in the space for long enough to witness essentially how well the model of having a powerful, efficient rule engine has fit with the community, because once you have an engine that is flexible, that we maintain essentially as a core maintainer team, that can be deployed easily and that you can trust in terms of performance and flexibility and integrations with the rest of the ecosystem...
From this point of view, we can compare it a little bit to OPA, right, which is essentially a generic policy engine, and then you can customize it for your needs. But this customization nature also generates contributions from the community, which means that you will be guaranteed that your security camera always has the best detections, because you have a whole community of people that build detections for themselves by customizing it, but then contribute.
For example, recently I've been involved personally, it's always been a passion of mine, on the rule engine, you know, and try to find optimizations for the rule engine. But at the same time, while I do that, and I go very deep, a user can really come and be part of the community and contribute just by, you know, creating a rule for, like, a specific PCI compliance check, you know, and that will become a benefit for the rest of the community. And then, check after check after check, Falco becomes...
C
B
Ahead. I mean, my belief is it's the de facto kind of tool for runtime security on Kubernetes, OpenShift and just in general. That's, you know, I believe it. And, you know, I think we got some questions from Diane. Is that what you're coming out to remind me about, the questions?
A
Here I was, yeah. I'm not so sure how my bandwidth is, so tell me if I'm right. But actually, one of the things that I'm curious about too, and the thing that Sysdig and Falco save us all who are deploying containers and applications and services on Kubernetes and other places, is working with the compliance officers, because historically that's where you have to build the trust in order to be allowed to deploy your applications and your services.
And so I think one of the things that Sysdig has done for us in the community is giving us a way to build that trust with the IT audit and the compliance officers. And that has been the, besides the fact that you're doing all this wonderful stuff in the open source world, that, if you didn't cover our behind for that aspect of deploying applications, we would have to be doing it ourselves, and that's a real heavy lift to do without something like Sysdig.
So that's, I think, one of the huge value propositions for your corner of the market, and that you've done us a huge service. And so, for me, I love the "packets never lie" and "syscalls never lie". I'm not sure we can prove that, but maybe you guys could. So that's it, so maybe a little bit about, because I know the conversation with compliance auditors and folks like that, how you help people have those conversations to trust the tooling.
I think that building that trust inside of an organization, I know, because I'm old, I can remember having to go through log files line by line with auditors, like, yes, my database is really, you know, doing this, and those transactions really are logged. But maybe, if you could talk about your experience on helping people do that and having those conversations.
C
Yes, I would start by saying I absolutely agree. And one of the things, again, I've been part of this industry essentially, you know, from the beginning. You know, I was there when Kubernetes did, you know, release number one. I've been following definitely the evolution of OpenShift since pretty much the very, very beginning, and what you're saying is clearly insightful, because more and more things like compliance, or forensics is another one, become more important when talking to people both in the community and in the industry, and this is clearly, in my opinion, one of the best indicators of the fact that our ecosystem is maturing, right.
When we were at the beginning, like 2014, 2015, people were mostly worried about container image scanning, which is the first check that you need to fill, even if you are not really going into production, you know, and then you really need to start running. You know, because maybe you're doing experiments, you're doing just applications that are not critical, and as your applications scale, become more critical, and more developers and more users, then you start: okay, you know, runtime becomes important. Compliance becomes really important.
You know, if I need to replace my legacy infrastructure with one that is based on containers and OpenShift, I need to make sure that I have the same compliance checks, you know, and this kind of stuff that maybe is not as sexy as, I don't know, working with the latest and greatest features in Kubernetes becomes really, you know, a critical thing. So I see this increasing interest in compliance and, as a consequence, the growth of a company like Sysdig is a very exciting indicator of the maturity of the Kubernetes market.
B
And Diane brings up a great point, and again, I think right now, as we're seeing this, and, you know, Red Hat's seeing this as well, it's a cultural shift, without a shadow of a doubt, right. The security teams were here and the network teams were here and then the DevOps teams were here, right, and so amalgamating the two teams, what do you need? Do you need to embed the security? So the developer is like, well, why are they...?
The reason why we have to do this is your applications need to be compliant when they're pushed into an environment from a runtime perspective. And so kind of our take on it is that, you know, we're actually helping to unite those two teams, because we're saying this is a common set that you're going to see, and here's, you know, basis either from MITRE or some PCI compliance and tags. From that perspective, you know, part of our enterprise tool as well is having this workflow.
B
A
A
More than compliance, I mean, I think, when developers first approach Sysdig, or admins or network people come in, they're using it because they need the tools to figure out this stuff, and the maturing of the audience for whom these reports and tooling and the trust issues have to be built out shows just sort of the next level of the Kubernetes ecosystem.
B
It's incident response, and again, if you extrapolate that term even to, from a troubleshooting perspective, right, you talk about this DevOps function, somebody's trying to debug why their pod crashed. I could tell you right now, the number one blog we have out there is a podcasting, and we have a blog we wrote how to troubleshoot that with Sysdig. Now think about now taking that from a runtime perspective, figuring out somebody terminaled into your container and wrote to the /etc directory. That's hitting all types of compliance on your production level.
I want to know that's a PCI compliance bench, that's something that's necessary, or the underlying host itself is in compliance. Now again, if you're using OpenShift, they're going to plug for OpenShift, you're already hardened, you already have some that indemnity, right. So it's, you know, I'm not getting paid, Diane's not sending me and Loris...
Yeah, so do you want us to go into the next question or, because I see one about cloud scale Prometheus monitoring as well.
Loris, want me to get the first half and then you get the second half? So it's up to you.
C
Yeah, sure. Is the question just a general overview of what we do, or...?
Yeah, so, one of the other tools and ecosystems that has taken the IT world by storm is the converging of visibility and monitoring into, finally, after, you know, decades, an open standard, an open protocol, an open way to export and collect metrics, and a way that can be, you know, embedded, similarly to Falco, inside the platforms and inside Kubernetes easily, and this is Prometheus, right. Prometheus is great, and the most important thing about Prometheus is that it gives us essentially a common language around which we can have conversations about metrics. This common language is definitely the Prometheus protocol and the format for the Prometheus exporters, but also PromQL, the query language that is at the base of what Prometheus does, and then, you know, like, Grafana is a way to visualize these metrics.
Sysdig comes from a strong background in monitoring and visibility, and what we want to bring to the market in terms of Prometheus is, from one point of view, decreasing the barriers, so making Prometheus easier to consume, and we have a commercial offering that includes essentially a bunch of exporters and dashboards that are curated and opinionated by Sysdig, that can be used essentially in an easy and natural way.
The other one is the scale. We built essentially an engine, a SaaS engine, that is more or less infinitely scalable in terms of Prometheus, that you can trust in terms of stability and in terms of, you know, throwing at it the data of even, you know, sophisticated or big infrastructures, but that at the same time, differently from most of the other, you know, commercial monitoring solutions, is fully, hundred percent compatible and hot-swappable with the Prometheus that you're using today. You know, so if you're just using a single Prometheus server, or if you're using Thanos and Cortex, you can hot swap and use Sysdig in a very natural way.
And the other thing is, we offer something that, especially for enterprises that maybe have a bigger size, has all of the integrations, ability to support, for example, teams of developers with segmented data, ability to integrate with RBAC and all this kind of stuff that a bigger organization with many developers and many users needs for Prometheus.
So our philosophy is always, we support open source, and we try to, you know, make it possible for people to really, truly adopt standards and base their infrastructure on true standards, but when it's time essentially to bring it to the next level in terms of security, in terms of visibility, in terms of troubleshooting, you can trust Sysdig to be your partner, and you can have a partner that essentially has worked with the biggest companies in the world, and there's essentially a battle-tested solution that is fully compatible and fully hot-swappable.
B
Nailed it as usual, Loris. So I think I had one point to this: also, we have a curated kind of hub. It's called the... I just think I'll also base this as well, as OpenShift out of the box, it's, you know, amazing in Prometheus integrations, and so what we're doing is adding, you know, again, as Sysdig does, right, is adding even more layers to that for you to be able to, like, get even deeper dissemination, do that troubleshooting, like Loris said, have that RBAC functionality.
But also we have a curated list of exporters that you can have Helm charts to be able to deploy in your environment, something called promcat.io, to type that in chat, promcat dot io, and basically what that's gonna allow you to do is you have a Helm chart to deploy new things that are out there. Because right now, what do you do? You go out there and you find an exporter, and you cross your fingers that it's not going to bring your whole cluster down, because it might be something like a node exporter that somebody might have, you know, really not put the testing in.
You know, we tested this. You know, some integrations were like, let's just say, NGINX or, you know, CloudWatch metrics, whatever. I mean, we've worked with, like, these various teams to be able to have that going. So that's another kind of key advantage we have, is this kind of curated, you know, integration, along with all the amazing stuff we do to make it cloud scale from a back-end perspective.
A
B
I see what Waleed did in chat. He also mentioned security hub, again, great stuff there. That's, you know, something with that. So all our Falco rules is basically, you know, I'm sorry to take it over, but that's basically where, you know, you can have, like, best practice configurations of Falco rules that you may not know about, stuff like, you know, securing etcd or securing, you know, your instances that are running in GKE, or, you know, those types of things, or Fluentd rules.
B
A
So I think that the wonderful, the beauty of the open source community, and Waleed and everybody else is sort of showcasing that, is the willingness to share the recipes and cookbooks and templates for doing these things, and I think that's, with the different approaches with Prometheus and Falco and other things, and Helm and operators, this is really one of the things that is, I think, helping with the adoption of Kubernetes and securing it and making sure that it matures in a way that we can all take advantage and build our innovations and do our workloads on it.
B
This is something we learned. We learned from our friends at Red Hat, I mean, with, you know, Ansible Galaxy and the things you all are doing with operators. I mean, again, you know, in terms of our relationship, we understand, like, you know, what you all bring to the table, and we want to help, you know, benefit you as well. So that's what we do.
A
Yeah, well, and I didn't pay him to say that, so it is the open source model, and I think, you know, Red Hat drinks the Kool-Aid, and Loris, you've obviously been drinking the Kool-Aid. Oh, he's gonna put on his Red Hat jacket.
A
A
You know, I'm getting some knitted OKD hats into the Cool Stuff Store at Red Hat, hopefully in time for Christmas, so we'll send you some for being on the show. I'm wondering if you could talk a little bit about your roadmap, what you see coming down the pike for Sysdig, for the offerings you have, or even in the evolution of Kubernetes itself, what you guys are thinking about. Yes, Waleed, I know the OKD t-shirt did not appear on your doorstep as it should have. We...
C
Oh
yeah,
I
can
take
this
one
in
a
general
way.
Cisdeg,
as
a
company
is
betting
on
the
fact
that
there's
really,
you
know
at
this
point,
there's
no
question
that
a
new
stack
is
formed
and
the
new
stack
is
going
to
be
based
on
kubernetes
and
the
new
stack
is
going
to
be
powerful
cloud
native
and
open
and
open
source
and
community
driven
by
nature.
So
we
see,
essentially,
we
were
talking
just
down.
You
know
about
the
open
source
and
the
community
approach,
not
only.
C
What
I
mean
is,
for
example,
in
security,
which
is
an
area
as
we
discussed
where
the
system
is
really
focusing
a
lot
of
energy.
C
The
legacy
approach
of
having
solutions
that
are
built
in
a
proprietary
way
and
and
brought
to
the
market
in
a
proprietary
way,
just
not
going
to
happen
anymore.
You
know
kubernetes
is
designed
as
an
open
ecosystem
as
a
system
based
on
standards
on
api
on
on
community
collaboration,
and
that
will
have
to
be
the
case
everywhere.
So
from
the
open
source
point
of
view.
C
The
way
we
see
falco
progressing
is
really
like.
We
are.
I
was
mentioning
before
as
we're
designing
falco
as
a
very,
very
powerful
engine
that
is
essentially
pluggable
our
goal
is,
it
should
be
easy
for
anybody,
essentially
the
ideally
one-liner
to
not
only
deploy
falco
on
kubernetes,
but
also
create
the
proper
pipeline
of
collection
and
processing
of
the
data
to
make
a
falco,
essentially
a
insightful
for
you,
and
not
not
only
like
when
you
have
the
security
camera.
It's
only
good.
C
If you can do something, you know, with the data; if you're never able to look at it, it would be useful. So modularity, efficiency and the ability to embed the tool, whatever is possible. From the commercial point of view, very similar philosophy. So we see Sysdig, Sysdig Secure and Sysdig Monitor really evolve in a way that is as close as possible to Kubernetes, taking advantage whenever possible.
C
Of the richness and power of Kubernetes. One other way that I like to put this is batteries included, right? So don't go and, you know, implement some way of blocking, like, images from going into production when Kubernetes offers admission control. You know, don't try to do whatever, you know, like protection of containers in custom ways, maybe using weird stuff like LD_PRELOAD and so on.
C
When Kubernetes gives you, I don't know, pod security policies or seccomp profiles, you know, or stuff like that. So try to create a tool that brings really critical, important functionality like compliance, which we're always working to enhance, like runtime security, like forensics, which we didn't really touch very deeply now, but it's very important because OpenShift, Kubernetes, orchestrates stuff away, right? So by the time you get a red light from one of your tools and you know that you've been attacked, very likely your container is gone, you know.
C
So from the roadmap point of view, if you follow essentially the roadmap of Kubernetes and what's happening with that network mesh, what's happening, you know, with the things that have been added to the platform, what's happening with the, you know, like the enrichments that tools like OpenShift bring on top of Kubernetes.
C
He just wants to play with that, integrate and, essentially, at any stage of the pipeline, being able to offer security protection, compliance monitoring, troubleshooting, incident response.
B
I think you will add, really quick, and then we should probably, you know, wrap it up. Diane, I think we're close to the time, but, you know, in terms of just having a workflow from a security perspective, and, you know, this isn't also for the larger enterprises. It's also like having security as a SaaS-based deployment as well. That's not something that other vendors can do, and we can, right? So we have this, like, you know, Essentials functionality, which are the five, top five things you would need to be able to.
B
You know, secure your environments that maybe look securing, you know, I'm doing a KubeCon talk, KubeCon talk, talking about how Kubernetes by itself is not secure. There's things that you need to do to secure your pipelines, to secure your runtime capabilities and, Loris said, the forensics capability. So what we're going to do is new event streams, new, easier workflows for you to be able to do that, and also for the enterprises or the, you know, those SMBs or the, you know, mid-size companies that just want to be able to, like, not worry.
C
And another thing, the last one that I want to mention in terms of where we're going as an open source community for Falco, as a company, the other one is: running Kubernetes is becoming standard, you know, everywhere, in the data center, at the edge, in the cloud, and Falco as an open source tool and Sysdig as a company is really focusing a lot on helping our users and protecting applications everywhere. Just now, you know, I was in a call with the Falco community and we were discussing ARM support.
C
Working one day, okay, but that's an interesting one, you know, or the cloud, you know, being able to run, you know, Falco and Sysdig on environments like, I don't know, Fargate or wherever, you know, you want to run containers everywhere. So Kubernetes is going everywhere; as a consequence, this thing needs to go everywhere.
A
I think that's actually probably a great place to sort of wrap this up, and maybe, if you want, Dan, to share the resources slide that you had there so that people know how to get a hold of you all and where to find more of this stuff. And you mentioned, Dan, you have a talk at KubeCon North America.
B
I do, yeah, I'm speaking, yeah, I'm speaking with, actually, Booz Allen. We're going to talk about pretty much, like, you know, the inherent aspects of Kubernetes that aren't out of the box secure, so being able to do that. I have it flashing on the screen as well, kind of, you know. We have upcoming things, I mean, if you go to Sysdig right now, and in terms of our partner Red Hat's site, I mean, we have.
B
I mean, we're well known for the blogs that we write in terms of releases and everything like that. So take a look at that, security on Red Hat OpenShift. We actually wrote that with Red Hat on securing OpenShift; it's a very, you know, well placed document. We appreciate, you know, the working together with Red Hat on that. Again, Loris, do you want to handle the talking about, you know, joining the community and that type of thing?
C
So, first of all, we would love to see you as an open source user of Falco. Runtime security is really becoming more and more important for Kubernetes, and if you do runtime security for Kubernetes, and if you care about it, then you need to come and take a look at Falco. We are there to help you.
C
We are a CNCF project. We have our GitHub page. We have our weekly calls. So just go to the links on this document. Come say hi, we'll be happy to chat with you and we'll be happy to see you use Falco as a tool.
B
Can he hear the vendors talk about stuff, but having an actual, you know, three enterprises talk about how they, you know, solved Kubernetes with anecdotal things with OpenShift and Sysdig, and, you know, is huge. So having anecdotal pieces where it's real, where people are using these technologies in real time, check this out. On November 10th, we have a BrightTALK, we'd love to see you all there.
A
Awesome, because I'm saying that 2021 is the year of the end users sharing their best practices and lessons learned, and events like that and like the OpenShift Commons events, really the people we love to hear.
A
We love to hear the updates from folks like yourselves on Falco and Sysdig and stuff, but I think the value proposition for hearing from end users is so much more real, and that's where we really learned some of the best kept secrets on how to use some of this software and how people are using it and configuring it to solve their problems and help secure their system. So I really appreciate you guys coming here today. This is awesome.
A
Listen to the podcast. You know, you should; if you're not yet, you should be, and we'll definitely reach out and get updates as we go forward and do some more work, and definitely check out Dan's talk at, yeah. I know there's the Red Hat and eyes.
A
Yep, there you go. And if you're going to KubeCon North America, you can also add on, for having, hosting an OpenShift Commons Gathering on November 17th, day zero of KubeCon, and we'll have a number of end users talking as well as updates on the latest release, 4.6, and so there's going to be lots of really good content coming out. And hopefully you won't hit virtual burnout, but some of these stories are really some of the best things I've heard.
A
So there's going to be some really cool stuff coming at KubeCon. So thanks again, Loris, thank.