Muutke küpsiste eelistusi

E-raamat: Practical Cloud Native Security with Falco

4.00/5 (6 hinnangut Goodreads-ist)
,
  • Formaat: 228 pages
  • Ilmumisaeg: 10-Aug-2022
  • Kirjastus: O'Reilly Media
  • Keel: eng
  • ISBN-13: 9781098118549
Teised raamatud teemal:
  • Formaat - PDF+DRM
  • Hind: 47,96 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
Practical Cloud Native Security with FalcoSuurem pilt
  • Formaat: 228 pages
  • Ilmumisaeg: 10-Aug-2022
  • Kirjastus: O'Reilly Media
  • Keel: eng
  • ISBN-13: 9781098118549
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

As more and more organizations migrate their applications to the cloud, cloud native computing has become the dominant way to approach software development and execution. In the meantime, security threats are growing more sophisticated and widespread every day. Protecting your applications from these threats requires the ability to defend them at runtime, when they're most vulnerable to attacks.

This practical guide introduces you to Falco, the open source standard for continuous risk and threat detection across Kubernetes, containers, and the cloud. Falco creator Loris Degioanni and core maintainer Leonardo Grasso bring you up to speed on cloud native threat detection basics and show you how to get Falco up and running. You'll then dive into advanced topics such as deploying Falco in production and writing your own security rules.

You'll learn how to:

  • Leverage runtime security in cloud native environments
  • Detect configuration changes and unexpected behavior in the cloud
  • Protect containers, Kubernetes, and cloud applications using Falco
  • Run, deploy, and customize Falco using advanced concepts
  • Deploy, configure, and maintain Falco in a production environment
  • Improve your organization's ability to pass compliance audits
  • Implement threat detection for containers, Kubernetes, and cloud apps

Preface xi
Part I The Basics
1 Introducing Falco
3(12)
Falco in a Nutshell
3(4)
Sensors
4(1)
Data Sources
4(1)
Rules
5(1)
Data Enrichment
6(1)
Output Channels
6(1)
Containers and More
7(1)
Falco's Design Principles
7(3)
Specialized for Runtime
7(1)
Suitable for Production
7(1)
Intent-Free Instrumentation
8(1)
Optimized to Run at the Edge
8(1)
Avoids Moving and Storing a Ton of Data
8(1)
Scalable
8(1)
Truthful
9(1)
Robust Defaults, Richly Extensible
9(1)
Simple
9(1)
What You Can Do with Falco
10(1)
What You Cannot Do with Falco
10(1)
Background and History
10(5)
Network Packets: BPF, libpcap, tcpdump, and Wireshark
11(1)
Snort and Packet-Based Runtime Security
11(1)
The Network Packets Crisis
12(1)
System Calls as a Data Source: sysdig
12(1)
Falco
13(2)
2 Getting Started with Falco on Your Local Machine
15(14)
Running Falco on Your Local Machine
15(3)
Downloading and Installing the Binary Package
16(1)
Installing the Driver
16(1)
Starting Falco
17(1)
Generating Events
18(3)
Interpreting Falco's Output
21(2)
Customizing Your Falco Instance
23(2)
Rules Files
23(1)
Output Channels
23(2)
Conclusion
25(4)
Part II The Architecture of Falco
3 Understanding Falco's Architecture
29(12)
Falco and the Falco Libraries: A Data-Flow View
31(1)
Drivers
32(1)
Plugins
33(1)
Libscap
34(3)
Managing Data Sources
34(1)
Supporting Trace Files
34(2)
Collecting System State
36(1)
Libsinsp
37(2)
State Engine
37(1)
Event Parsing
38(1)
Filtering
38(1)
Output Formatting
39(1)
One More Thing About libsinsp
39(1)
Rule Engine
39(1)
Conclusion
40(1)
4 Data Sources
41(22)
System Calls
41(6)
Examples
43(1)
Observing System Calls
43(4)
Capturing System Calls
47(6)
Accuracy
49(1)
Performance
49(1)
Scalability
49(1)
So What About Stability and Security?
50(1)
Kernel-Level Instrumentation Approaches
50(3)
The Falco Drivers
53(3)
Which Driver Should You Use?
55(1)
Capturing System Calls Within Containers
55(1)
Running the Falco Drivers
56(2)
Kernel Module
56(1)
Ebpf Probe
57(1)
Using Falco in Environments Where Kernel Access Is Not Available: pdig
57(1)
Running Falco with pdig
58(1)
Falco Plugins
58(3)
Plugin Architecture Concepts
59(1)
How Falco Uses Plugins
60(1)
Conclusion
61(2)
5 Data Enrichment
63(12)
Understanding Data Enrichment for Syscalls
63(10)
Operating System Metadata
65(2)
Container Metadata
67(2)
Kubernetes Metadata
69(4)
Data Enrichment with Plugins
73(1)
Conclusion
73(2)
6 Fields and Filters
75(16)
What Is a Filter?
75(1)
Filtering Syntax Reference
76(2)
Relational Operators
77(1)
Logical Operators
78(1)
Strings and Quoting
78(1)
Fields
78(4)
Argument Fields Versus Enrichment Fields
78(2)
Mandatory Fields Versus Optional Fields
80(1)
Field Types
80(2)
Using Fields and Filters
82(2)
Fields and Filters in Falco
82(1)
Fields and Filters in sysdig
83(1)
Falco's Most Useful Fields
84(6)
General
85(1)
Processes
85(1)
File Descriptors
86(1)
Users and Groups
87(1)
Containers
87(1)
Kubernetes
88(1)
CloudTrail
88(1)
Kubernetes Audit Logs
89(1)
Conclusion
90(1)
7 Falco Rules
91(12)
Introducing Falco Rules Files
91(2)
Anatomy of a Falco Rules File
93(5)
Rules
93(2)
Macros
95(1)
Lists
96(1)
Rule Tagging
96(2)
Declaring the Expected Engine Version
98(1)
Replacing, Appending to, and Disabling Rules
98(3)
Replacing Macros, Lists, and Rules
99(1)
Appending to Macros, Lists, and Rules
100(1)
Disabling Rules
100(1)
Conclusion
101(2)
8 The Output Framework
103(14)
Falco's Output Architecture
103(2)
Output Formatting
105(1)
Output Channels
106(7)
Standard Output
108(1)
Syslog Output
108(1)
File Output
108(1)
Program Output
109(1)
HTTP Output
109(1)
GRPC Output
110(2)
Other Logging Options
112(1)
Conclusion
113(4)
Part III Running Falco in Production
9 Installing Falco
117(14)
Choosing Your Setup
117(1)
Installing Directly on the Host
118(5)
Using a Package Manager
119(3)
Without Using a Package Manager
122(1)
Managing the Driver
122(1)
Running Falco in a Container
123(4)
Syscall Instrumentation Scenario
124(3)
Plugin Scenario
127(1)
Deploying to a Kubernetes Cluster
127(3)
Using Helm
128(1)
Using Manifests
129(1)
Conclusion
130(1)
10 Configuring and Running Falco
131(14)
Configuring Falco
131(1)
Differences Among Installation Methods
132(1)
Host Installation
132(1)
Containers
132(1)
Kubernetes Deployments
133(1)
Command-Line Options and Environment Variables
133(6)
Configuration Settings
134(1)
Instrumentation Settings (Syscalls Only)
134(2)
Data Enrichment Settings (Syscalls Only)
136(1)
Ruleset Settings
137(1)
Output Settings
137(1)
Other Settings for Debugging and Troubleshooting
138(1)
Configuration File
139(1)
Ruleset
140(2)
Loading Rules Files
140(1)
Tuning the Ruleset
141(1)
Using Plugins
142(1)
Changing the Configuration
143(1)
Conclusion
144(1)
11 Using Falco for Cloud Security
145(10)
Why Falco for AWS Security?
145(1)
Falco's Architecture and AWS Security
146(2)
Detection Examples
147(1)
Configuring and Running Falco for CloudTrail Security
148(5)
Receiving Log Files Through an SQS Queue
148(4)
Reading Events from an S3 Bucket or the Local Filesystem
152(1)
Extending Falco's AWS Ruleset
153(1)
What About Other Clouds?
154(1)
Conclusion
154(1)
12 Consuming Falco Events
155(12)
Working with Falco Outputs
155(5)
Falco-exporter
156(1)
Falcosidekick
157(3)
Observability and Analysis
160(1)
Getting Notified
161(1)
Responding to Threats
161(2)
Conclusion
163(4)
Part IV Extending Falco
13 Writing Falco Rules
167(12)
Customizing the Default Falco Rules
167(1)
Writing New Falco Rules
168(6)
Our Rule Development Method
168(6)
Things to Keep in Mind When Writing Rules
174(4)
Priorities
174(1)
Noise
175(1)
Performance
176(2)
Tagging
178(1)
Conclusion
178(1)
14 Falco Development
179(14)
Working with the Codebase
180(2)
The falcosecurity/falco Repository
180(1)
The falcosecurity/libs Repository
181(1)
Building Falco from Source
181(1)
Extending Falco Using the gRPC API
182(2)
Extending Falco with Plugins
184(8)
Preparing a Plugin in Go
185(1)
Plugin State and Initialization
185(2)
Adding Event Sourcing Capability
187(2)
Adding Field Extraction Capability
189(1)
Finalizing the Plugin
190(1)
Building a Plugin Written in Go
191(1)
Using Plugins While Developing
191(1)
Conclusion
192(1)
15 How to Contribute
193(4)
What Does It Mean to Contribute to Falco?
193(1)
Where Should I Start?
194(1)
Contributing to Falcosecurity Projects
194(3)
Issues
194(1)
Pull Requests
195(2)
Conclusion 197(2)
Index 199
Loris Degioanni is the CTO and founder of Sysdig. He's also the creator of Sysdig, the popular open source troubleshooting tool, as well as the CNCF runtime security tool Falco. Loris was one of the original contributors to Wireshark, the open source network analyzer. He holds a PhD in computer engineering from Politecnico di Torino and lives in Davis, California. Leonardo Grasso is an open source software engineer at Sysdig and a core maintainer of The Falco Project. He has a strong passion for software design and long professional experience in the R&D field. Leonardo loves contributing to open source projects from his home in Italy and enjoys building tools other engineers would like to use.
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97810981185492e.html
Märksõnad: