Carlos is a solutions engineer at Sysdig. Before that, he worked as a monitoring consultant for adidas and on other IT projects such as collaboration tools, IoT, and cloud. Monitoring and visibility in the Kubernetes world are his current obsessions. Metrics juggler and father of 3.
PromQL Queries for Security and Incident Response Teams
Prometheus monitoring is useful not only to platform operators, service owners and DevOps teams; it also gives security and SOC teams a great deal of visibility.
In this talk we will go through several use cases where security and incident response teams have found themselves leveraging monitoring tools like Prometheus to identify and analyze typical attacks on containers running on Kubernetes.
A sudden, sustained increase in CPU usage might indicate a cryptomining attack on your containers. A new CVE has been discovered and some of your apps might be affected. Your cluster is scaling out for no reason. In this talk we will cover these and more real use cases of metrics and PromQL queries that will make your DevSecOps team love Prometheus even more.
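The three scenarios above, written as PromQL queries. These are added examples, not queries from the talk or from Sysdig; they assume the standard cAdvisor metric `container_cpu_usage_seconds_total` and the kube-state-metrics metrics `kube_pod_container_info`, `kube_node_info` and `kube_horizontalpodautoscaler_*` are scraped, and the image name and version pattern in the CVE query are placeholders.

```promql
# 1. Sustained CPU increase (possible cryptomining): containers whose CPU rate
#    over the last 30m is more than 3x their average rate over the preceding 24h.
#    container!="" drops the pod-level cgroup series.
sum by (namespace, pod, container) (
  rate(container_cpu_usage_seconds_total{container!=""}[30m])
)
  > 3 * sum by (namespace, pod, container) (
  rate(container_cpu_usage_seconds_total{container!=""}[24h] offset 30m)
)

# 2. New CVE: which pods run an affected image? Placeholder image and
#    version pattern; replace with the vulnerable range from the advisory.
count by (namespace, pod, image) (
  kube_pod_container_info{image=~".*/example-app:1\\.(0|1|2)\\.[0-9]+$"}
)

# 3. Cluster scaling out for no reason: nodes added in the last hour ...
sum(kube_node_info) - sum(kube_node_info offset 1h)

#    ... and HPAs that have hit their replica ceiling, which is where
#    an unexplained scale-out usually shows up first.
kube_horizontalpodautoscaler_status_current_replicas
  >= on (namespace, horizontalpodautoscaler)
  kube_horizontalpodautoscaler_spec_max_replicas
```

Each query is suitable as an alerting rule expression; pair the CPU query with a `for:` clause so a short burst does not page anyone.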