The Need for Automating Incident Response

Incident response teams are already drowning in alerts, and as a result they may be missing the vulnerabilities that matter most. What use is a security scanner that tells you there are thousands of vulnerabilities if someone still has to take the time to go through them and fix them?

Extending visibility and responsibility to cloud native environments compounds this challenge: teams have to weed through huge volumes of alerts to determine which risks are the most urgent and how best to respond to incidents.

This session will cover how security teams can use the open source projects Trivy and Tracee, along with Postee, to identify high-risk cloud native events, orchestrate responses through third-party integrations based on these high-fidelity signals, and execute playbooks for more automated and effective incident analysis and handling.

We will cover a variety of use cases, ranging from simple ones such as acting on CVE detections from Trivy vulnerability scans, to more complex scenarios of runtime detection with Tracee's eBPF-based tracing.
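The first of those use cases, acting on CVE detections from a Trivy scan, hinges on turning a report with many findings into the few that a playbook should act on. The following is an added example, not code from the session, from Trivy or from Postee: it reads the field layout of `trivy image --format json` (`Results[].Vulnerabilities[]` with `VulnerabilityID`, `PkgName`, `FixedVersion`, `Severity`), applies an illustrative policy (CRITICAL always, HIGH only when a fixed version exists), deduplicates CVEs that Trivy reports once per target, and builds a webhook-style payload without sending it. The sample report, its package names and its `CVE-0000-000x` identifiers are constructed placeholders, not real vulnerabilities.

```python
"""Triage a Trivy JSON report into the few findings that warrant an automated response.

Added example, not the session's or Trivy's own code. Only the field names follow
Trivy's JSON output; the policy and the sample data are illustrative.
"""
import json
from collections import defaultdict

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "UNKNOWN": 0}

# Constructed sample report. CVE IDs and package names are placeholders.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "example.local/api:1.4.2",
    "ArtifactType": "container_image",
    "Results": [
        {
            "Target": "example.local/api:1.4.2 (debian 12.5)",
            "Class": "os-pkgs",
            "Type": "debian",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "HIGH"},
                # HIGH with no fix available: nothing a remediation playbook can do yet
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libother",
                 "InstalledVersion": "2.3-1", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-0004", "PkgName": "libother",
                 "InstalledVersion": "2.3-1", "FixedVersion": "2.3-2", "Severity": "MEDIUM"},
                {"VulnerabilityID": "CVE-0000-0006", "PkgName": "libmisc",
                 "InstalledVersion": "0.9", "Severity": "UNKNOWN"},
            ],
        },
        # The same library pinned in two lockfiles: Trivy reports the CVE once per target.
        {"Target": "app/requirements.txt", "Class": "lang-pkgs", "Type": "pip",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0005", "PkgName": "examplelib",
              "InstalledVersion": "3.1.0", "FixedVersion": "3.1.4", "Severity": "HIGH"}]},
        {"Target": "worker/requirements.txt", "Class": "lang-pkgs", "Type": "pip",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0005", "PkgName": "examplelib",
              "InstalledVersion": "3.1.0", "FixedVersion": "3.1.4", "Severity": "HIGH"}]},
        # A clean target: Trivy omits the Vulnerabilities key entirely.
        {"Target": "usr/bin/app", "Class": "lang-pkgs", "Type": "gobinary"},
    ],
})


def iter_vulnerabilities(report):
    """Yield (target, vuln) pairs; tolerate targets without a Vulnerabilities key."""
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            yield result.get("Target", ""), vuln


def should_act(vuln, min_severity="HIGH", require_fix=True):
    """Illustrative policy: CRITICAL always; anything else at or above min_severity
    only when a fixed version exists, i.e. when a playbook can actually remediate."""
    sev = str(vuln.get("Severity", "UNKNOWN")).upper()
    if SEVERITY_RANK.get(sev, 0) < SEVERITY_RANK[min_severity]:
        return False
    if sev == "CRITICAL" or not require_fix:
        return True
    return bool(vuln.get("FixedVersion"))


def triage(report_json, **policy):
    """Reduce a report to one finding per package: drop what the policy ignores,
    dedupe CVEs repeated across targets, and order by severity."""
    report = json.loads(report_json)
    seen = set()
    by_pkg = defaultdict(lambda: {"severity": "UNKNOWN", "cves": set(),
                                  "fixed_versions": set(), "targets": set()})
    for target, vuln in iter_vulnerabilities(report):
        if not should_act(vuln, **policy):
            continue
        entry = by_pkg[vuln["PkgName"]]
        entry["targets"].add(target)  # record every place the package shows up
        key = (vuln["VulnerabilityID"], vuln["PkgName"])
        if key in seen:
            continue
        seen.add(key)
        sev = str(vuln.get("Severity", "UNKNOWN")).upper()
        entry["cves"].add(vuln["VulnerabilityID"])
        if vuln.get("FixedVersion"):
            entry["fixed_versions"].add(vuln["FixedVersion"])
        if SEVERITY_RANK.get(sev, 0) > SEVERITY_RANK[entry["severity"]]:
            entry["severity"] = sev
    findings = [{"package": pkg, "severity": e["severity"], "cves": sorted(e["cves"]),
                 "fixed_versions": sorted(e["fixed_versions"]), "targets": sorted(e["targets"])}
                for pkg, e in by_pkg.items()]
    return sorted(findings, key=lambda f: (-SEVERITY_RANK[f["severity"]], f["package"]))


def summarize(report_json, **policy):
    """Build a webhook/ticket payload (not sent here) that states how much noise was
    filtered alongside the actionable findings."""
    report = json.loads(report_json)
    findings = triage(report_json, **policy)
    total = sum(1 for _ in iter_vulnerabilities(report))
    actionable = sum(len(f["cves"]) for f in findings)
    artifact = report.get("ArtifactName", "")
    return {
        "artifact": artifact,
        "total_vulnerabilities": total,
        "actionable_cves": actionable,
        "findings": findings,
        "text": f"{actionable} of {total} CVEs in {artifact} need action across {len(findings)} package(s)",
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_REPORT), indent=2))
```

On the constructed report, seven reported CVEs collapse to two findings covering three CVEs; the unfixable HIGH, the MEDIUM and the UNKNOWN are left out, and the CVE seen in two lockfiles becomes one finding listing both targets. Passing `require_fix=False` widens the policy to include the HIGH without a fix, which is the knob to turn when the playbook is "open a ticket" rather than "rebuild the image".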

The session will focus on practical scenarios that teams commonly encounter in day-to-day operations. All sample configuration code will also be shared.



Simar Singh

Simar is an Open Source Engineer at Aqua Security. He works on projects that improve container security. He is also an avid open source contributor outside of work and currently maintains a few ...