Edition: [1 ed.]
Authors: Loris Degioanni, Leonardo Grasso
Series:
ISBN: 109811857X, 9781098118570
Publisher: O'Reilly Media
Year of publication: 2022
Number of pages: 220
Language: English
File format: EPUB (converted to PDF, EPUB or AZW3 on user request)
File size: 3 Mb
If you need the book Practical Cloud Native Security with Falco: Risk and Threat Detection for Containers, Kubernetes, and Cloud. Early Release converted to PDF, EPUB, AZW3, MOBI or DJVU, you can notify support and the file will be converted for you.
Note that the book Practical Cloud Native Security with Falco: Risk and Threat Detection for Containers, Kubernetes, and Cloud. Early Release is the original-language edition and is not a Persian translation. The International Library website offers original-language books only and does not offer any book translated into or written in Persian.
As more and more organizations migrate their applications to the cloud, cloud native computing has become the dominant way to approach software development and execution. In the meantime, security threats are growing more sophisticated and widespread every day. Protecting your applications from these threats requires the ability to defend them at runtime, when they're most vulnerable to attacks.
This practical guide introduces you to Falco, the open source standard for continuous risk and threat detection across Kubernetes, containers, and the cloud. Falco creator Loris Degioanni and core maintainer Leonardo Grasso bring you up to speed on cloud native threat detection basics and show you how to get Falco up and running. You'll then dive into advanced topics such as deploying Falco in production and writing your own security rules.
You'll learn how to:
Cover
Copyright
Table of Contents
Preface
  Who Is This Book For?
  Overview
  Part I: The Basics
  Part II: The Architecture of Falco
  Part III: Running Falco in Production
  Part IV: Extending Falco
  Conventions Used in This Book
  Using Code Examples
  O’Reilly Online Learning
  How to Contact Us
  Acknowledgments
  Leonardo
  Loris
Part I. The Basics
Chapter 1. Introducing Falco
  Falco in a Nutshell
  Sensors
  Data Sources
  Rules
  Data Enrichment
  Output Channels
  Containers and More
  Falco’s Design Principles
  Specialized for Runtime
  Suitable for Production
  Intent-Free Instrumentation
  Optimized to Run at the Edge
  Avoids Moving and Storing a Ton of Data
  Scalable
  Truthful
  Robust Defaults, Richly Extensible
  Simple
  What You Can Do with Falco
  What You Cannot Do with Falco
  Background and History
  Network Packets: BPF, libpcap, tcpdump, and Wireshark
  Snort and Packet-Based Runtime Security
  The Network Packets Crisis
  System Calls as a Data Source: sysdig
  Falco
Chapter 2. Getting Started with Falco on Your Local Machine
  Running Falco on Your Local Machine
  Downloading and Installing the Binary Package
  Installing the Driver
  Starting Falco
  Generating Events
  Interpreting Falco’s Output
  Customizing Your Falco Instance
  Rules Files
  Output Channels
  Conclusion
Part II. The Architecture of Falco
Chapter 3. Understanding Falco’s Architecture
  Falco and the Falco Libraries: A Data-Flow View
  Drivers
  Plugins
  libscap
  Managing Data Sources
  Supporting Trace Files
  Collecting System State
  libsinsp
  State Engine
  Event Parsing
  Filtering
  Output Formatting
  One More Thing About libsinsp
  Rule Engine
  Conclusion
Chapter 4. Data Sources
  System Calls
  Examples
  Observing System Calls
  Capturing System Calls
  Accuracy
  Performance
  Scalability
  So What About Stability and Security?
  Kernel-Level Instrumentation Approaches
  The Falco Drivers
  Which Driver Should You Use?
  Capturing System Calls Within Containers
  Running the Falco Drivers
  Kernel Module
  eBPF Probe
  Using Falco in Environments Where Kernel Access Is Not Available: pdig
  Running Falco with pdig
  Falco Plugins
  Plugin Architecture Concepts
  How Falco Uses Plugins
  Conclusion
Chapter 5. Data Enrichment
  Understanding Data Enrichment for Syscalls
  Operating System Metadata
  Container Metadata
  Kubernetes Metadata
  Data Enrichment with Plugins
  Conclusion
Chapter 6. Fields and Filters
  What Is a Filter?
  Filtering Syntax Reference
  Relational Operators
  Logical Operators
  Strings and Quoting
  Fields
  Argument Fields Versus Enrichment Fields
  Mandatory Fields Versus Optional Fields
  Field Types
  Using Fields and Filters
  Fields and Filters in Falco
  Fields and Filters in sysdig
  Falco’s Most Useful Fields
  General
  Processes
  File Descriptors
  Users and Groups
  Containers
  Kubernetes
  CloudTrail
  Kubernetes Audit Logs
  Conclusion
Chapter 7. Falco Rules
  Introducing Falco Rules Files
  Anatomy of a Falco Rules File
  Rules
  Macros
  Lists
  Rule Tagging
  Declaring the Expected Engine Version
  Replacing, Appending to, and Disabling Rules
  Replacing Macros, Lists, and Rules
  Appending to Macros, Lists, and Rules
  Disabling Rules
  Conclusion
Chapter 8. The Output Framework
  Falco’s Output Architecture
  Output Formatting
  Output Channels
  Standard Output
  Syslog Output
  File Output
  Program Output
  HTTP Output
  gRPC Output
  Other Logging Options
  Conclusion
Part III. Running Falco in Production
Chapter 9. Installing Falco
  Choosing Your Setup
  Installing Directly on the Host
  Using a Package Manager
  Without Using a Package Manager
  Managing the Driver
  Running Falco in a Container
  Syscall Instrumentation Scenario
  Plugin Scenario
  Deploying to a Kubernetes Cluster
  Using Helm
  Using Manifests
  Conclusion
Chapter 10. Configuring and Running Falco
  Configuring Falco
  Differences Among Installation Methods
  Host Installation
  Containers
  Kubernetes Deployments
  Command-Line Options and Environment Variables
  Configuration Settings
  Instrumentation Settings (Syscalls Only)
  Data Enrichment Settings (Syscalls Only)
  Ruleset Settings
  Output Settings
  Other Settings for Debugging and Troubleshooting
  Configuration File
  Ruleset
  Loading Rules Files
  Tuning the Ruleset
  Using Plugins
  Changing the Configuration
  Conclusion
Chapter 11. Using Falco for Cloud Security
  Why Falco for AWS Security?
  Falco’s Architecture and AWS Security
  Detection Examples
  Configuring and Running Falco for CloudTrail Security
  Receiving Log Files Through an SQS Queue
  Reading Events from an S3 Bucket or the Local Filesystem
  Extending Falco’s AWS Ruleset
  What About Other Clouds?
  Conclusion
Chapter 12. Consuming Falco Events
  Working with Falco Outputs
  falco-exporter
  Falcosidekick
  Observability and Analysis
  Getting Notified
  Responding to Threats
  Conclusion
Part IV. Extending Falco
Chapter 13. Writing Falco Rules
  Customizing the Default Falco Rules
  Writing New Falco Rules
  Our Rule Development Method
  Things to Keep in Mind When Writing Rules
  Priorities
  Noise
  Performance
  Tagging
  Conclusion
Chapter 14. Falco Development
  Working with the Codebase
  The falcosecurity/falco Repository
  The falcosecurity/libs Repository
  Building Falco from Source
  Extending Falco Using the gRPC API
  Extending Falco with Plugins
  Preparing a Plugin in Go
  Plugin State and Initialization
  Adding Event Sourcing Capability
  Adding Field Extraction Capability
  Finalizing the Plugin
  Building a Plugin Written in Go
  Using Plugins While Developing
  Conclusion
Chapter 15. How to Contribute
  What Does It Mean to Contribute to Falco?
  Where Should I Start?
  Contributing to Falcosecurity Projects
  Issues
  Pull Requests
  Conclusion
Index
About the Authors
Colophon