Getting Started with eBPF for Monitoring | Hal Pomeranz & Jon Reeve | 1-Hour
June 30, 2022 @ 1:00 pm - 2:00 pm
In this Antisyphon Anti-cast, Hal Pomeranz & Jon Reeve will focus on how to get you up and running with eBPF as an essential monitoring platform.
You may have heard of eBPF as an alternative for network filtering and security policy enforcement. But as with any deep inspection platform, eBPF provides unparalleled visibility into what is happening in your Linux operating system from moment to moment.
This talk will get you up and running with eBPF as an essential monitoring platform, and contrast what is available via eBPF with the auditd output that you may be used to.
We’ll also have team Spyderbat drop by to show you what a mature security alerting system based on eBPF can look like.
Chat with your fellow attendees in the #webcast-live-chat channel of the Infosec Knowledge Sharing Discord server: https://discord.gg/fr5wqbF