Training Course

Detecting Cloud Runtime Threats with Falco (LFS254)

Learn about Falco and how to install and use it to secure cloud native environments.

Who Is It For

This course is designed for IT professionals, security analysts, DevOps engineers, and anyone looking to expand their knowledge and skills in cloud native runtime security.
What You’ll Learn

Explore Falco’s basics, history, design, and its role in cloud security. Dive into its architecture, threat detection methods, setup, rule customization, and output management.
What It Prepares You For

By the end of this course, you should be able to install and use Falco to secure cloud native applications. You’ll also gain hands-on experience in crafting Falco rules, managing outputs, and configuring Falco to fit your specific needs.
Course Outline
Chapter 1. Course Introduction
Chapter 2. Introduction to Falco
Chapter 3. Getting Started with Falco
Chapter 4. Syscall Data Source (Host Security)
Chapter 5. Other Data Sources (Cloud Security)
Chapter 6. Conditions and Fields
Chapter 7. Falco Rules
Chapter 8. Customizing Falco Rules
Chapter 9. Outputs and Falcosidekick
Chapter 10. Configuring Falco
Chapter 11. Writing Falco Rules

Prerequisites
In order to complete this course, learners should be familiar with the following:

  • Basic concepts of cloud computing and cloud security.
  • Basic knowledge of Linux and the command-line interface.
  • Basic understanding of system calls and their role in operating systems.
  • Familiarity with Kubernetes, including concepts like Pods, Services, and Deployments.
Lab Info
In order to complete this course, learners should have the following:

  • A computer with a modern operating system capable of running Docker and Kubernetes.
  • Access to a Kubernetes cluster for certain exercises (this could be local minikube, Docker Desktop, or a cloud-based Kubernetes service).
  • Internet access for downloading necessary resources and tools.

If using a cloud provider like GCP or AWS, you should be able to complete the lab exercises using the free tier or credits provided to you. However, you may incur charges if you exceed the credits initially allocated by the cloud provider, or if the cloud provider’s terms and conditions change.