CloudNativeSecurityCon_2023-CloudSecurityEvents.pdf


A Lightweight Framework For Security Reactions
Cloud(Security)Events
Evan Anderson

What Is An Event?
A notification that something happened in a system.
(Photo by Jeff Finley on Unsplash)

What Is CloudEvents?
- CNCF project to standardize event format and metadata
- Documented formats: JSON, AVRO, Protobuf, XML
- Key fields (extensible): type, source, id, timestamp

Security Events
Before an Incident:
- Software builds
- Deployments
- Vulnerability Scans
- CVEs
- Test results
- SDL process stages
Incident Response:
- Unexpected System Calls
- Configuration Changes
- Network Connections
- Logins and Authentications
- Tokens or certs issued

Examples?
Falco has a series of blog posts using the following projects to achieve the same result: Delete any pod which spawns an interactive terminal shell
https://falco.org/blog/falcosidekick-response-engine-part-1-kubeless/

Example Events

ce-specversion: 1.0
ce-type: falco.rule.output.v1
ce-source: falco.org
ce-id: f7628198-3822-4c98-ac3f-71770e272a16
ce-time: 2023-01-11T21:45:31Z
ce-rule: Terminal shell in container

output: 21:45:31.
rule: Terminal shell in container
output_fields:
  container.id: f29b261f8831
  container.image.repository: mysql
  k8s.ns.name: default
  k8s.pod.name: alpine
  proc.cmdline: bash -il
  proc.name: bash
  proc.pname: runc
  proc.tty: 34816
  user.loginuid: -1
  user.name: root

ce-specversion: 1.0
ce-type: dev.cdevents.service.upgraded.0.1-draft
ce-source: https://my-argo-instance.dev/
ce-subject: /namespaces/myns/deployments/foo
ce-time: 2023-01-18T22:14:17Z
ce-id: e699633e-de83-4427-a6dd-9e702ae008d9-8

context: ., subject: id: deployments/foo, environment: id: namespaces/myns, source: ., name: staging, url: ., artifactId: oci:/.

If You Are A Vendor:
- Generate CloudEvents!
- Document how to consume them: webhook, kafka topic, etc
- Document your event types and schemas

If You Are An End-User:
- Remediation data (react immediately): Use event routing and serverless to automatically remediate!
- SIEM data (keep for medium time to support post-hoc analysis): Index and store in queryable format. (BigQuery/Snowflake)
- Critical data (keep for a long time as part of audit records): Archive and store as log-type records. (S3/cold storage)

Please scan the QR Code above to leave feedback on this session
Thank You!
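The end-user advice above (react to remediation events immediately, keep the rest for the SIEM or the archive) can be sketched as a small event consumer. This is an added example, not code from the talk or from Falco; it assumes events arrive in CloudEvents HTTP binary mode (ce-* headers, JSON body), and the ROUTES table, the function names and the delete_pod decision record are hypothetical.

```python
import json

# Type prefix -> tiers (remediate / siem / archive); this mapping is an assumption.
ROUTES = {
    "falco.rule.output.": ("remediate", "siem"),
    "dev.cdevents.service.": ("siem", "archive"),
}
REQUIRED = ("specversion", "type", "source", "id")  # required by CloudEvents 1.0
_seen = set()  # (source, id) pairs already handled, so redelivery is harmless

def parse_binary_mode(headers, body):
    """Build (attributes, data) from ce-* HTTP headers and a JSON body."""
    attrs = {k[3:].lower(): v for k, v in headers.items()
             if k.lower().startswith("ce-")}
    missing = [a for a in REQUIRED if not attrs.get(a)]
    if missing or attrs.get("specversion") != "1.0":
        raise ValueError(f"rejected event: missing={missing}")
    return attrs, (json.loads(body) if body else {})

def route(attrs):
    """Return the tiers for an event; unknown types still go to the SIEM."""
    for prefix, tiers in ROUTES.items():
        if attrs["type"].startswith(prefix):
            return tiers
    return ("siem",)

def remediation(attrs, data):
    """Decide the response to the terminal-shell rule, or None for no action."""
    key = (attrs["source"], attrs["id"])
    if attrs.get("rule") != "Terminal shell in container" or key in _seen:
        return None
    fields = data.get("output_fields", {})
    ns, pod = fields.get("k8s.ns.name"), fields.get("k8s.pod.name")
    if not ns or not pod:
        return None  # never act on an event that does not name its target
    _seen.add(key)
    return {"action": "delete_pod", "namespace": ns, "pod": pod}

# Constructed sample built from the field values on the Falco slide.
SAMPLE_HEADERS = {
    "ce-specversion": "1.0", "ce-type": "falco.rule.output.v1",
    "ce-source": "falco.org", "ce-id": "f7628198-3822-4c98-ac3f-71770e272a16",
    "ce-time": "2023-01-11T21:45:31Z", "ce-rule": "Terminal shell in container",
}
SAMPLE_BODY = json.dumps({"rule": "Terminal shell in container", "output_fields": {
    "k8s.ns.name": "default", "k8s.pod.name": "alpine", "proc.name": "bash"}})

if __name__ == "__main__":
    print(remediation(*parse_binary_mode(SAMPLE_HEADERS, SAMPLE_BODY)))
```

The functions only return a decision; a real handler would authenticate the event sender before acting on it.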
