In this hands-on workshop, you’ll learn how to audit Kubernetes API Server events using Falco, the real-time intrusion detection tool, and Falcosidekick, its powerful integration companion. We’ll cover setting up API Server audit logging, customizing Falco rules to detect specific activities, and forwarding these events to destinations like Slack, Elasticsearch, or Prometheus using Falcosidekick.

By the end of this session, you’ll gain a comprehensive understanding of how to enhance the security and observability of your Kubernetes cluster while implementing effective strategies to monitor and respond to suspicious or unwanted activities.