Container forensics workshop
SSHing into a container for troubleshooting, or burdening it with additional monitoring tools, is something of an anti-pattern. But… you still want full control, traceability and visibility, right? Containers are highly volatile: how can you investigate an incident if the container no longer exists?
You probably already know Sysdig and how it uses Linux tracepoints to collect kernel system calls and events, which it then processes and filters. Still, this requires deep familiarity with a tcpdump-like filtering syntax and an understanding of the syscalls involved.
What if you could analyze system calls with an open source graphical user interface that lets you correlate high-level activities such as containers, processes, network or file I/O, commands and logs? Let's meet Sysdig Inspect and make our deep dive into system calls much more intuitive and visual.