When operating production Kubernetes clusters, despite applying all security best practices to prevent incidents, you may still have doubts. You’d like to monitor your clusters in order to detect suspicious activities and preemptively respond to potential security breaches. During this talk, we will discover how Falco, a threat-detection engine for containers, can help to analyze activities in Kubernetes, detect suspicious behavior, and trigger alerts. After setting up a data-collection pipeline to supervise alerts coming from Falco, we will implement a set of Kubernetes routines to automatically circumscribe threats detected in the cluster. Finally, we will look at guidelines to support an organization willing to deploy Falco.