Despite working for different areas, Prometheus – an open source event monitoring and alerting tool – and Falco – an open source runtime threat detection tool – complement each other to build a reliable monitoring and security tool set. Far too often, developers lack the visibility on the open source tools' landscape to incorporate them into their environments.

In this talk, attendees will learn how to combine the tools through real-life examples that will show how to write and customize Falco rules and Prometheus PromQL queries. Learning how to do this is key to address situations where unexpected behavior can occur, achieving a faster response time. The speakers will dive into common issues users run into, and discuss best practices that will allow rules to be better targeted, more efficient, and informative.

This talk is directed to cloud engineers and SREs using Prometheus in their daily workflow, and also interested in monitoring best-practices, adding Falco to their tool set.

In this session we'll tackle:

Why visibility is important and what are the most common blind spots SREs miss?

How you can prevent resource wasting, slow reaction time and potential advance persistent threats.

How can Prometheus and Falco be used to gain better visibility in your Kubernetes environment?

What are Prometheus and Falco best practices in real-life scenarios.

How do you build your own Swiss Army Knife for stronger monitoring and detection?