├── COPYING
├── README.md
├── exercise1
    ├── commands
    ├── docker-compose.yml
    ├── nginx_rules.done.yaml
    ├── nginx_rules.yaml
    └── rules
    │   └── .gitkeep
├── exercise2
    ├── aws-creds
    ├── commands
    ├── k8s-using-daemonset
    │   ├── README.md
    │   ├── falco-event-generator-deployment.yaml
    │   ├── k8s-with-rbac
    │   │   ├── falco-account.yaml
    │   │   ├── falco-config
    │   │   │   ├── falco.yaml
    │   │   │   ├── falco_rules.local.yaml
    │   │   │   ├── falco_rules.yaml
    │   │   │   └── k8s_audit_rules.yaml
    │   │   ├── falco-daemonset-configmap.yaml
    │   │   └── falco-service.yaml
    │   └── k8s-without-rbac
    │   │   └── falco-daemonset.yaml
    ├── k8s_audit_config
    │   ├── README.md
    │   ├── apiserver-config.patch.sh
    │   ├── audit-policy.yaml
    │   ├── enable-k8s-audit.sh
    │   └── webhook-config.yaml.in
    └── start.sh
├── exercise3
    ├── commands
    ├── kubernetes-response-engine
    │   ├── README.md
    │   ├── deployment
    │   │   ├── aws
    │   │   │   ├── .gitignore
    │   │   │   ├── Makefile
    │   │   │   ├── README.md
    │   │   │   ├── cluster-role-binding.yaml
    │   │   │   ├── cluster-role.yaml
    │   │   │   ├── lambda.tf
    │   │   │   ├── outputs.tf
    │   │   │   └── sns.tf
    │   │   ├── cncf
    │   │   │   ├── Makefile
    │   │   │   ├── README.md
    │   │   │   ├── cluster-role-binding.yaml
    │   │   │   ├── cluster-role.yaml
    │   │   │   ├── kubeless
    │   │   │   │   ├── kubeless-namespace.yaml
    │   │   │   │   ├── kubeless-v1.0.0-alpha.6.yaml
    │   │   │   │   └── nats-v1.0.0-alpha.6.yaml
    │   │   │   ├── nats
    │   │   │   │   ├── deployment-rbac.yaml
    │   │   │   │   └── nats-cluster.yaml
    │   │   │   └── network-policy.yaml
    │   │   └── google-cloud
    │   │   │   ├── .gitignore
    │   │   │   ├── Makefile
    │   │   │   ├── README.md
    │   │   │   └── pubsub.tf
    │   ├── falco-nats
    │   │   ├── .gitignore
    │   │   ├── Dockerfile
    │   │   ├── Makefile
    │   │   ├── README.md
    │   │   └── main.go
    │   ├── falco-pubsub
    │   │   ├── .gitignore
    │   │   ├── Dockerfile
    │   │   ├── Makefile
    │   │   ├── go.mod
    │   │   ├── go.sum
    │   │   └── main.go
    │   ├── falco-sns
    │   │   ├── .gitignore
    │   │   ├── Dockerfile
    │   │   ├── Makefile
    │   │   ├── README.md
    │   │   └── main.go
    │   ├── playbooks
    │   │   ├── .gitignore
    │   │   ├── Pipfile
    │   │   ├── Pipfile.lock
    │   │   ├── README.md
    │   │   ├── deploy_playbook
    │   │   ├── deploy_playbook_aws
    │   │   ├── deploy_playbook_gke
    │   │   ├── extra
    │   │   │   └── aws-iam-authenticator
    │   │   ├── functions
    │   │   │   ├── capture.py
    │   │   │   ├── delete.py
    │   │   │   ├── demisto.py
    │   │   │   ├── isolate.py
    │   │   │   ├── phantom.py
    │   │   │   ├── slack.py
    │   │   │   └── taint.py
    │   │   ├── playbooks
    │   │   │   ├── __init__.py
    │   │   │   ├── alert_subscriber.py
    │   │   │   └── infrastructure.py
    │   │   ├── setup.py
    │   │   └── specs
    │   │   │   ├── alert_subscriber_spec.py
    │   │   │   ├── infrastructure
    │   │   │       ├── demisto_client_spec.py
    │   │   │       ├── kubernetes_client_spec.py
    │   │   │       ├── phantom_client_spec.py
    │   │   │       └── slack_client_spec.py
    │   │   │   ├── playbooks
    │   │   │       ├── add_message_to_slack_playbook_spec.py
    │   │   │       ├── create_container_in_phantom_playbook_spec.py
    │   │   │       ├── create_incident_in_demisto_playbook_spec.py
    │   │   │       ├── delete_pod_playbook_spec.py
    │   │   │       ├── network_isolate_pod_playbook_spec.py
    │   │   │       ├── start_sysdig_capture_for_container_playbook_spec.py
    │   │   │       └── taint_node_playbook_spec.py
    │   │   │   └── support
    │   │   │       └── deployment.yaml
    │   └── sysdig-capturer
    │   │   ├── Dockerfile
    │   │   ├── Makefile
    │   │   └── docker-entrypoint.sh
    └── nginx.yaml
└── exercise4
    ├── commands
    ├── e4-kibana-data.json
    ├── es-values.yaml
    └── kb-values.yaml


/COPYING:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/COPYING


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/README.md


--------------------------------------------------------------------------------
/exercise1/commands:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise1/commands


--------------------------------------------------------------------------------
/exercise1/docker-compose.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise1/docker-compose.yml


--------------------------------------------------------------------------------
/exercise1/nginx_rules.done.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise1/nginx_rules.done.yaml


--------------------------------------------------------------------------------
/exercise1/nginx_rules.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise1/nginx_rules.yaml


--------------------------------------------------------------------------------
/exercise1/rules/.gitkeep:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/exercise2/aws-creds:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/aws-creds


--------------------------------------------------------------------------------
/exercise2/commands:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/commands


--------------------------------------------------------------------------------
/exercise2/k8s-using-daemonset/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/k8s-using-daemonset/README.md


--------------------------------------------------------------------------------
/exercise2/k8s-using-daemonset/falco-event-generator-deployment.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/k8s-using-daemonset/falco-event-generator-deployment.yaml


--------------------------------------------------------------------------------
/exercise2/k8s-using-daemonset/k8s-with-rbac/falco-account.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/k8s-using-daemonset/k8s-with-rbac/falco-account.yaml


--------------------------------------------------------------------------------
/exercise2/k8s-using-daemonset/k8s-with-rbac/falco-config/falco.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/k8s-using-daemonset/k8s-with-rbac/falco-config/falco.yaml


--------------------------------------------------------------------------------
/exercise2/k8s-using-daemonset/k8s-with-rbac/falco-config/falco_rules.local.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/k8s-using-daemonset/k8s-with-rbac/falco-config/falco_rules.local.yaml


--------------------------------------------------------------------------------
/exercise2/k8s-using-daemonset/k8s-with-rbac/falco-config/falco_rules.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/k8s-using-daemonset/k8s-with-rbac/falco-config/falco_rules.yaml


--------------------------------------------------------------------------------
/exercise2/k8s-using-daemonset/k8s-with-rbac/falco-config/k8s_audit_rules.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/k8s-using-daemonset/k8s-with-rbac/falco-config/k8s_audit_rules.yaml


--------------------------------------------------------------------------------
/exercise2/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml


--------------------------------------------------------------------------------
/exercise2/k8s-using-daemonset/k8s-with-rbac/falco-service.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/k8s-using-daemonset/k8s-with-rbac/falco-service.yaml


--------------------------------------------------------------------------------
/exercise2/k8s-using-daemonset/k8s-without-rbac/falco-daemonset.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/k8s-using-daemonset/k8s-without-rbac/falco-daemonset.yaml


--------------------------------------------------------------------------------
/exercise2/k8s_audit_config/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/k8s_audit_config/README.md


--------------------------------------------------------------------------------
/exercise2/k8s_audit_config/apiserver-config.patch.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/k8s_audit_config/apiserver-config.patch.sh


--------------------------------------------------------------------------------
/exercise2/k8s_audit_config/audit-policy.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/k8s_audit_config/audit-policy.yaml


--------------------------------------------------------------------------------
/exercise2/k8s_audit_config/enable-k8s-audit.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/k8s_audit_config/enable-k8s-audit.sh


--------------------------------------------------------------------------------
/exercise2/k8s_audit_config/webhook-config.yaml.in:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/k8s_audit_config/webhook-config.yaml.in


--------------------------------------------------------------------------------
/exercise2/start.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise2/start.sh


--------------------------------------------------------------------------------
/exercise3/commands:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/commands


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/README.md


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/aws/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/aws/.gitignore


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/aws/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/aws/Makefile


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/aws/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/aws/README.md


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/aws/cluster-role-binding.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/aws/cluster-role-binding.yaml


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/aws/cluster-role.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/aws/cluster-role.yaml


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/aws/lambda.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/aws/lambda.tf


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/aws/outputs.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/aws/outputs.tf


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/aws/sns.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/aws/sns.tf


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/cncf/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/cncf/Makefile


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/cncf/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/cncf/README.md


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/cncf/cluster-role-binding.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/cncf/cluster-role-binding.yaml


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/cncf/cluster-role.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/cncf/cluster-role.yaml


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/cncf/kubeless/kubeless-namespace.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Namespace
4 | metadata:
5 |   name: kubeless
6 | 


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/cncf/kubeless/kubeless-v1.0.0-alpha.6.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/cncf/kubeless/kubeless-v1.0.0-alpha.6.yaml


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/cncf/kubeless/nats-v1.0.0-alpha.6.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/cncf/kubeless/nats-v1.0.0-alpha.6.yaml


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/cncf/nats/deployment-rbac.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/cncf/nats/deployment-rbac.yaml


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/cncf/nats/nats-cluster.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/cncf/nats/nats-cluster.yaml


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/cncf/network-policy.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/cncf/network-policy.yaml


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/google-cloud/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/google-cloud/.gitignore


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/google-cloud/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/google-cloud/Makefile


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/google-cloud/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/google-cloud/README.md


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/deployment/google-cloud/pubsub.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/deployment/google-cloud/pubsub.tf


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/falco-nats/.gitignore:
--------------------------------------------------------------------------------
1 | falco-nats
2 | 


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/falco-nats/Dockerfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/falco-nats/Dockerfile


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/falco-nats/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/falco-nats/Makefile


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/falco-nats/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/falco-nats/README.md


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/falco-nats/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/falco-nats/main.go


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/falco-pubsub/.gitignore:
--------------------------------------------------------------------------------
1 | falco-pubsub
2 | 


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/falco-pubsub/Dockerfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/falco-pubsub/Dockerfile


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/falco-pubsub/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/falco-pubsub/Makefile


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/falco-pubsub/go.mod:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/falco-pubsub/go.mod


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/falco-pubsub/go.sum:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/falco-pubsub/go.sum


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/falco-pubsub/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/falco-pubsub/main.go


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/falco-sns/.gitignore:
--------------------------------------------------------------------------------
1 | falco-sns
2 | 


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/falco-sns/Dockerfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/falco-sns/Dockerfile


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/falco-sns/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/falco-sns/Makefile


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/falco-sns/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/falco-sns/README.md


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/falco-sns/main.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/falco-sns/main.go


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/.gitignore


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/Pipfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/Pipfile


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/Pipfile.lock:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/Pipfile.lock


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/README.md


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/deploy_playbook:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/deploy_playbook


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/deploy_playbook_aws:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/deploy_playbook_aws


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/deploy_playbook_gke:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/deploy_playbook_gke


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/extra/aws-iam-authenticator:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/extra/aws-iam-authenticator


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/functions/capture.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/functions/capture.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/functions/delete.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/functions/delete.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/functions/demisto.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/functions/demisto.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/functions/isolate.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/functions/isolate.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/functions/phantom.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/functions/phantom.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/functions/slack.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/functions/slack.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/functions/taint.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/functions/taint.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/playbooks/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/playbooks/__init__.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/playbooks/alert_subscriber.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/playbooks/alert_subscriber.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/playbooks/infrastructure.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/playbooks/infrastructure.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/setup.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/setup.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/specs/alert_subscriber_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/specs/alert_subscriber_spec.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/specs/infrastructure/demisto_client_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/specs/infrastructure/demisto_client_spec.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/specs/infrastructure/kubernetes_client_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/specs/infrastructure/kubernetes_client_spec.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/specs/infrastructure/phantom_client_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/specs/infrastructure/phantom_client_spec.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/specs/infrastructure/slack_client_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/specs/infrastructure/slack_client_spec.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/specs/playbooks/add_message_to_slack_playbook_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/specs/playbooks/add_message_to_slack_playbook_spec.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/specs/playbooks/create_container_in_phantom_playbook_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/specs/playbooks/create_container_in_phantom_playbook_spec.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/specs/playbooks/create_incident_in_demisto_playbook_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/specs/playbooks/create_incident_in_demisto_playbook_spec.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/specs/playbooks/delete_pod_playbook_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/specs/playbooks/delete_pod_playbook_spec.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/specs/playbooks/network_isolate_pod_playbook_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/specs/playbooks/network_isolate_pod_playbook_spec.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/specs/playbooks/start_sysdig_capture_for_container_playbook_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/specs/playbooks/start_sysdig_capture_for_container_playbook_spec.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/specs/playbooks/taint_node_playbook_spec.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/specs/playbooks/taint_node_playbook_spec.py


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/playbooks/specs/support/deployment.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/playbooks/specs/support/deployment.yaml


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/sysdig-capturer/Dockerfile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/sysdig-capturer/Dockerfile


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/sysdig-capturer/Makefile:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/sysdig-capturer/Makefile


--------------------------------------------------------------------------------
/exercise3/kubernetes-response-engine/sysdig-capturer/docker-entrypoint.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/kubernetes-response-engine/sysdig-capturer/docker-entrypoint.sh


--------------------------------------------------------------------------------
/exercise3/nginx.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise3/nginx.yaml


--------------------------------------------------------------------------------
/exercise4/commands:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise4/commands


--------------------------------------------------------------------------------
/exercise4/e4-kibana-data.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise4/e4-kibana-data.json


--------------------------------------------------------------------------------
/exercise4/es-values.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise4/es-values.yaml


--------------------------------------------------------------------------------
/exercise4/kb-values.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/falcosecurity-retire/falco-security-workshop/HEAD/exercise4/kb-values.yaml


--------------------------------------------------------------------------------