Config Management Camp

5 - 7 February, 2018

Gent, Belgium

Monitor your Config Management with Sysdig Falco

Michael Ducy

Config management solutions are great for setting state, but they only enforce that state when they are ran. For long running systems, how do you handle the race condition between when the configuration is set, and the next time the config management client runs. Enter Sysdig Falco. Falco is an open source behavioural activity monitor that helps detect anomalous activity in systems. With Falco you can easily write rules to detect if events take place on a system (ie file ch anged, process state changed, users added, etc) and alert on these events. This notification can trigger config management to run and revert the system to the desired state. In this talk we’ll cover the basics of Falco, how to write rules in Falco, and give a quick demo of Falco in action.

About Speaker

Michael Ducy currently works as Director of Community Evangelism for Sysdig where he is responsible for nurturing Sysdigs open source community and engaging with other like minded OSS communities. Previously, Michael worked at Chef where we held a variety of roles helping customers and community members leverage Chefs open source and paid solutions, as well as implement the ideas and practices of DevOps. Michael has also worked in a variety of roles in his career including Cloud Architecture, Systems Engineering, and Performance Engineering.