BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//conference.wireshark.org//sharkfest-24-eu//talk//FW933D
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-sharkfest-24-eu-FW933D@conference.wireshark.org
DTSTART;TZID=CET:20241106T110000
DTEND;TZID=CET:20241106T120000
DESCRIPTION:Falco\, a CNCF project\, is the de facto solution for runtime t
 hreat detection in Linux and Kubernetes environments. It offers complete k
 ernel-level visibility by capturing Syscalls via eBPF\, analyzing this flo
 w with a powerful rules engine and alerting when a rule is triggered.\nOve
 r time\, the Falco ecosystem has grown to include the ability to retrieve 
 events from different sources\, such as SaaS or Cloud provider audit logs\
 , and to integrate with dozens of tools for notification\, analysis and re
 action. The newest addition to its ecosystem is Falco Talon\, a tailor-ma
 de no-code response engine\, which reacts to Falco events with out-of-the
 -box actions\, such as terminating a pod\, or triggering a tcpdump.\nIn t
 his ta
 lk\, listeners will learn the basics of Falco\, and will be treated to a r
 eal-time demonstration of remediation action against intrusions\, with a b
 ig focus on the capacity to trigger a tcpdump\, to observe what the attack
 er did following the raised alert.
DTSTAMP:20260508T111442Z
LOCATION:Palais Sachsen Coburg I-III
SUMMARY:Automatically trigger captures via tcpdump when a suspicious event 
 occurs in your Kubernetes cluster - Thomas Labarussias
URL:https://conference.wireshark.org/sharkfest-24-eu/talk/FW933D/
END:VEVENT
END:VCALENDAR
