Woah! We have our application deployed in a cluster and ready to manage or fleet of containers. And is really awesome, we can scale them automatically! But, but... WTF?! What does it mean this message about "File below a known binary directory opened for writing"? Which container opened a file under /bin to write in among the other 9813 containers in my deployment?
When you are managing a Docker cluster with a lot of nodes and containers, finding which one originates the alert may be cumbersome. Time matters and the faster we can react to a security issue the better to avoid greater damage.
Automation is an important point in DevSecOps mindset, and in this talk we are going to learn how to implement custom playbooks with Open Source Software and deploy it using serverless technology for deploying an active security system which uses Sysdig Falco for detecting security threats.