SaaS: Sysdig Secure Release Notes
You may also want to review the update log for Falco rules used in the Policy Editor: Falco Rules Changelog.
The dates shown are for the initial release of a feature. The feature may not be rolled out to all regions concurrently and availability of a feature in a particular region will depend on scheduling.
Supported Web Browsers
Sysdig supports, tests, and verifies the latest versions of Chrome and Firefox. Other browsers may also work but are not tested in the same way.
May 01, 2024
RBAC Permissions Available in Vulnerability Management
Administrators can now create RBAC roles and define which roles are permitted to access the Vulnerability Management, Policy, Reporting, and Risk Acceptance functions. For more information, see Custom Roles.
April 25, 2024
CIEM Support for Google Cloud Platform
Sysdig extends its CIEM solution to support Google Cloud Platform (GCP), providing you with seamless identity and access management across their cloud environments. With this integration, organizations can streamline identity governance, enforce access controls, and enhance security within their GCP infrastructure. Our goal is to empower businesses to confidently embrace GCP while maintaining the principle of Least Privilege and having proper Identity Hygiene.
For more information, see Optimize GCP User Entitlements.
Agentless Vulnerability Scanning
AWS Agentless Host and Container Scanning is now Generally Available. For details, see AWS Scanning.
GCP and Azure Agentless Host and Container Scanning is released in Technical Preview For details, see Agentless Scanning.
Notes:
- Resources are scanned once every 24 hours and discovery occurs every 15 minutes for new cloud hosts.
- Azure resources are rescanned and re-discovered every 24 hours.
April 24, 2024
Drift Control is Now Generally Available
Drift control is now generally available (GA) to all workload security customers. To implement Drift Control, create a Container Drift policy. See Container Drift Policy Prerequisites.
Support for Volume Mounts in Drift Control
With agent version 13.1.0., Container Drift policies can detect drift events on volume binaries. You can add or modify new executables outside the monitored resource, making drift difficult to detect. Now, when executables are modified within a monitored resource, it is treated as drift. See Detect | Volume Binaries.
In Agent version 13.1.1, it is enabled by default.
In v13.1.0, add the following configuration to the
dragent.yaml
file:drift_deny_execution_from_volumes: true
Detect Threats in Microsoft Entra ID
Sysdig extends its Cloud Detection and Response (CDR) coverage to Microsoft Entra ID, supplementing Okta as an additional solution for Identity and Access Management (IAM).
Once you connect your Azure tenant, Sysdig will also connect to Entra, and monitor it with dedicated policies and rules, maintained by Sysdig Threat Research Team (TRT).
As with other sources powered by Falco, Sysdig supports customization for Entra ID threat detection.
April 22, 2024
Sysdig CLI Scanner v1.9.2 Released
The new version of CLI Scanner addresses the following:
- Fixed a defect to scan helm chart with kubeVersion set
- Fixed a defect that could make the
sysdig-cli-scanner
display a wrong pullstring when retrieving the image with the containers-storage loader
April 09, 2024
Sysdig CLI Scanner v1.9.1 Released
The new version of CLI Scanner addresses the following:
- Fixed an issue that could cause the component to print “Failed to GetDriver graph overlay” error in the output
- Fixed the following vulnerabilities:
Report Runtime Container Information
Sysdig has extended reporting capabilities for runtime container to include raw or bare containers that are not part of Kubernetes clusters, ensuring comprehensive visibility and management of vulnerabilities across your containerized environments.
The new Runtime Container entity type includes all the assets that are also available in the Runtime View with the filter asset.type = container
.
For more information, see Runtime Containers
April 04, 2024
Enhanced Vulnerability Scanning Tools
Sysdig has extended the vulnerability scanning capabilities by introducing the following:
- Instant Scans: Scan your images instantly with the Scan Now button.
- Registry Credential Management: Easily onboard your private registries by adding your registry credentials.
For more information, see Scan Now.
GCP and Azure Validation for Cloud Accounts
Sysdig has released automatic validation that covers the permissions, configurations, and resources essential for CSPM and CDR functionalities on both clouds, as well as CIEM for GCP. This check runs every 24 hours to ensure your GCP and Azure cloud accounts are connected and set up correctly.
For details, see Cloud Accounts | Validate Account Connection for GCP and Azure.
Enhanced Risk Findings
Sysdig has launched a Findings tab within the Risk feature. Select an affected resource from the Risk page to open the drawer where this new tab lives. It helps you understand all the resources involved in a specific Risk and their findings.
Sysdig also highlights the highest-impact findings and suggests fixes to reduce the most risk with the least effort.
For details, see Risks - Review Affected Resource.
March 27, 2024
Create and Edit Posture Controls
You can now create custom controls by duplicating a control and editing its parameters. Custom controls can be used in custom Posture policies and can be edited or deleted as needed. This feature is available for all teams with the permission Posture Controls: Edit See Manage Posture Controls for details.
March 26, 2024
Added CIEM to the AWS Onboarding Wizard
Sysdig has launched an improved onboarding experience for CIEM when connecting AWS Cloud Accounts. Users can now enable CIEM as part of the wizard. Sysdig then guides them through the installation process step-by-step, ensuring a seamless and personalized experience.
For details, see Connect Cloud Account | AWS.
March 22, 2024
Host Scanner v0.8.0
Sysdig released Host Scanner v0.8.0 offering support for platform scanning and addressing the following issues:
- Fixed a memory leak that could happen when disabling platform scanning
- Fixed an issue that could potentially cause memory spikes
- Fixed an issue that could cause the host-scanner to detect the operating system incorrectly when running as a binary
March 19, 2024
CISA KEV
You can now check if a vulnerability, reported by pipeline, registry, or runtime scanning, is registered in the CISA KEV catalog and filter images by CISA KEV. This allows you to view details such as the date added and due date for CISA KEV vulnerabilities. Drill down into scan results to view the CISA KEV information associated with an image. For more information, see Key Vulnerability Management Terminology.
Platform-Based Scanning
Sysdig has extended the Vulnerability Management scanning capabilities to conduct platform scanning by default. The scanning tools analyze images and host filesystems to extract the Software Bill of Materials (SBOM) and send them to the Sysdig backend for evaluation. Vulnerability matching and policy evaluation now occur within the Sysdig platform rather than on the client side.
Platform-based scanning aims to optimize computing resources, conserve data transfer, improve response time by eliminating client-side evaluation of images, and enhance the robust tracking of images across the user environment. For more information, see Platform-Based Scanning.
Improved GCP Cloud Account Onboarding
Sysdig has launched an improved onboarding experience for GCP Cloud Accounts. Users can specify their installation preferences regarding desired features. Sysdig then guides them through the installation process step-by-step, ensuring a seamless and personalized experience.
In addition, Sysdig’s Agentless CDR now supports threat detection on GCP. By leveraging Falco and its constantly updated rules managed by the Sysdig Threat Research Team, as well as custom rules tailored to specific environments and security requirements, users can connect their GCP accounts effortlessly while benefiting from robust event processing.
For details, see Connect Cloud Accounts | GCP.
March 15, 2024
Global Service Accounts
Sysdig has extended the functionality of team-based service accounts with global service accounts. Unlike team-based service accounts, global service accounts can perform actions that require system level permissions. Admins can create a global service account through the API. See Global Service Accounts
March 11, 2024
Risks Module Released in Technical Preview
We are excited to release Risks in Technical Preview. The Risks feature correlates findings from CSPM, KSPM, cloud log ingestion, CIEM, Vulnerability Management, and Agent-Based Threat Detection. By combining the most critical security issues, we prioritize the biggest risks for security teams to focus on.
For details, see Risks.
Kill Process in Workload
In Threat Detection Policies, Workload and List Matching policies can now be configured to kill the event-triggering process. For details, see Workload.
Sysdig CLI Scanner v1.9.0 Released
Sysdig released the new version of CLI Scanner with the following enhancements:
General
- Fixed CVE-2024-24786
IaC
- Fixed an error occurred during Terraform directory scanning
- Fixed an defect on severity threshold flag
- Enhanced the CLI Scanner to return exit code
1
when violations exceed threshold
VM
- Added support for Chainguard Wolfi
- Improved the CLI Scanner to avoid policy failure if the solution date is absent.
March 7, 2024
Improved Azure Cloud Account Onboarding
Sysdig has launched an improved onboarding experience for Azure Cloud Accounts. Users can specify their installation preferences regarding desired features. Sysdig then guides them through the installation process step-by-step, ensuring a seamless and personalized experience.
In addition, Sysdig’s Agentless CDR now supports threat detection on Azure. By leveraging Falco and its constantly updated rules managed by the Sysdig Threat Research Team, as well as custom rules tailored to specific environments and security requirements, users can connect their Azure accounts effortlessly while benefiting from robust event processing.
For details, see Connect Cloud Account | Azure.
March 5, 2024
Deactivate User Option
Sysdig has added the ability to configure a period of inactivity for a user, after which the user is deactivated. This helps large enterprises manage users automatically rather than manually deleting users from Sysdig.
This feature is deactivated by default. Currently, it can be enabled via API only.
For details, access the API documentation under User-Deactivation.
View Cloud Host Vulnerabilities in Inventory
Inventory now lets you search for vulnerable resources on your AWS and GCP cloud hosts (EC2 Instance, Compute Instance).
Furthermore, each cloud host’s resource-360 drawer includes vulnerability findings through a new tab.
You can also search on Package Name-Version
,
Note that Azure VM Hosts are out of scope at this time.
See Inventory for details.
Inventory UI Updates
You can now search by Host Image ID for AWS EC2 Instance and GCP Compute Instance.
March 1, 2024
Monitor Objects in S3 Buckets
Agentless AWS Cloud Threat Detection (CDR) coverage is extended to monitor operations performed on objects stored in Simple Storage Service (S3) buckets through S3 notifications.
AWS CloudTrail integration now supports:
- ReadOnly management events (whose verb starts with Get/List/Describe)
- Coverage for S3 notifications to monitor S3 buckets and extend our AWS Agentless CDR coverage.
For details, see the AWS Agentless instructions to connect a cloud account.
February 29, 2024
Improved Overview Page in Identity and Access (CIEM)
We are excited to unveil the new and improved Overview Page for Sysdig’s Identity and Access (CIEM) feature. This version offers visual dashboards and a quick view into identity risks, enabling organizations to enhance their security posture with ease.
For details, see Identity and Access Overview.
February 28, 2024
Global Accept Risk on Posture Controls
Users can now accept risk on a Posture control for all failing resources, including future resources, and improve compliance results at scale while managing risk.
For details, see Accept Risk Globally on a Control.
February 22, 2024
AWS Validation for Cloud Accounts
Sysdig has released automatic validation that covers the permissions, configurations, and resources essential for CSPM, CDR, and Agentless Host Scanning functionalities. This check runs every 24 hours to ensure your AWS cloud accounts are connected and set up correctly.
For details, see Validate Account Connection for AWS.
Alerting for Vulnerability Policies
Sysdig has introduced notification channels to enable near real-time alerting for vulnerability policies. You can now extend any vulnerability policy with a notification channel, including Slack, Email, Teams, and Webhook.
WHAT?
- Ability to send and receive alerts from Sysdig in different scenarios.
- Ability to include triggers any vulnerability policy rule including vulnerability detections and root user configuration
- The Use of the Notifications Channel aligns with other alerting in the functions in the Secure Platform
WHY?
- Provides insight into failing policies in regulated zones
- Triggers workflows in ticketing systems
- Alerts the operation teams through notification channels
- Provides action messages on critical events
For more information, see Vulnerability Policy Alerts.
February 14, 2024
Registry Scanner v0.2.67 Released
Sysdig released the new version of Registry Scanner allowing you to run the registry scanner in ARM architecture.
Legacy Inline Scanner v 2.4.28 Released
Added support for Docker version 25.
February 12, 2024
Host Scanner v0.7.5
Sysdig released Host Scanner v0.7.5, addressing an issue where special characters prevented the display of non-Kubernetes results in the UI. It also bumped dependencies to address the following security vulnerabilities:
- CVE-2024-21626
- CVE-2023-29491
- CVE-2023-29491
- CVE-2023-48795
February 9, 2024
Runtime Resource Types
Sysdig has introduced the following new types of resources for AWS, bringing the total to 122 different supported runtime resource types:
- IAM Role Policy Attachment
- Lambda Function Alias
- Lambda Function URL Configuration
- Lambda Policy
- Lambda Provisioned Concurrency Config
Infrastructure as Code (IaC) and Runtime Resource Parity
AWS Parity Between IaC and Runtime Resource Types
The parity level of IaC resources for AWS Terraform provider is now of 85%, supporting 99 different resource types.
Microsoft Azure Parity Between IaC and Runtime Resource Types
The parity level of IaC resources for Microsoft Azure Terraform provider is now of 99%, supporting 57 different resource types.
Google Cloud Parity Between IaC and Runtime Resource Types
The parity level of IaC resources for GCP Terraform provider is now of 15%, supporting 32 different resource types across the following categories:
- Audit & Monitoring
- Compute
- Database
- Encryption & Secrets
- IAM
- Management
- Networking
- Storage
High Profile Controls
High Profile Controls for AWS
Sysdig has introduced a complete set of 24 high profile controls for the following categories:
- Audit & Monitoring: 6 controls
- Database: 18 controls
These controls affect the following AWS services:
- DynamoDB
- ElastiCache
- Simple Notification Service (SNS)
Personalized Controls
As part of the continuous endeavor to incorporate parameters into controls that are amenable to accepting them, 18 new controls have been personalized for the cloud. See the complete list of customizable controls.
February 7, 2024
Legacy Inline Scanner v 2.4.27 Released
Changes
- Updated anchore to 0.8.1-68 (February 2024)
Fixes
Vulnerability fixes for the following high-severity CVEs:
February 05, 2024
Registry Scanner v0.2.65 Released
Sysdig released the new version of Registry Scanner with the following fixes:
Fixed a pagination issue on Quay Registry.
Fixed the following vulnerabilities:
Use Registry Scanner v0.2.65 by updating helm charts to version 1.1.30.
CLI Scanner v1.8.3 Released
Sysdig released the new version of CLI scanner with the following:
Added CISA KEV data to JSON output to indicate if the given vulnerability is included in the CISA KEV. If it is reported in the CISA KEV catalog, the JSON output provides the following:
publishDateByVendor
: When the vulnerability was added to the catalog.cisakev.dueDate
: The deadline by which organizations, particularly federal agencies, are mandated to apply necessary patches or mitigations to safeguard their systems from potential exploitation.cisakev.knownRansomwareCampaignUse
: Indicates whether the CISA KEV is known to have been leveraged as part of a ransomware campaign.
Fixed the following vulnerabilities:
January 31, 2024
Container Actions and Captures added to More Policies
Sysdig agent supports the following new actions in Container Drift policies and Malware policies:
- The ability to create capture files
- The ability to Kill/Pause/Stop a container
Malware policies are currently in Controlled Availability. Contact Sysdig Support for access to the Malware feature.
These features require Sysdig Agent v12.20+.
January 24, 2024
Infrastructure as Code (IaC) and Runtime Resource Parity
AWS Parity Between IaC and Runtime Resource Types
The parity level of IaC resources for AWS Terraform provider is now of 84%, supporting 94 different resource types across the following categories:
- Audit & Monitoring
- Compute
- Database
- Encryption & Secrets
- IAM
- Managed Services
- Management
- Networking
- Security & Compliance
- Storage
Microsoft Azure Parity Between IaC and Runtime Resource Types
The parity level of IaC resources for Microsoft Azure Terraform provider is now of 97%, supporting 56 different resource types across the following categories:
- Audit & Monitoring
- Compute
- Database
- Encryption & Secrets
- IAM
- Management
- Networking
- Storage
High Profile Controls
High Profile Controls for AWS
Sysdig has introduced a complete set of 53 high profile controls for the following categories:
- Audit & Monitoring: 1 control
- Compute: 25 controls
- Managed Services: 5 controls
- Management: 2 controls
- Networking: 18 controls
- Security & Compliance: 2 controls
These controls affect the following AWS services:
- AWS Certificate Manager (ACM)
- API Gateway
- Autoscaling
- CloudFront
- Elastic Compute Cloud (EC2)
- Elastic Container Service (ECS)
- Elastic Beanstalk
- Lambda
- Simple Notification Service (SNS)
- Systems Manager (SSM)
- Web Application Firewall (WAF)
High profile controls for Microsoft Azure
Sysdig has introduced a complete set of 28 high profile controls for the following categories:
- Audit & Monitoring: 8 controls
- Compute: 9 controls
- Management: 11 controls
These controls affect the following Microsoft Azure services:
- AppService
- Defender
- Monitoring
Personalized Controls
As part of the ongoing effort of adding parameters to the controls that are susceptible of accepting them, 23 controls have been personalized for cloud and Kubernetes. Please refer to the complete list of customizable controls.
Compliance Results Show Passing Count
The Compliance Results page now includes a column to display the number of controls that are passing for each resource.
See Compliance for details.
January 18, 2024
Data Types for Events Forwarding
Sysdig is happy to announce the General Availability for Activity Audit data type in Events Forwarding. Additionally, we have initiated the deprecation process for the following legacy data types:
- Legacy Runtime policy event format, replaced by the new format
- Legacy Compliance v1 events (Secure events compliance and Benchmark events), part of the Legacy compliance
- Legacy Vulnerability Scanner v1, part of the Legacy scanning engine
Effective immediately, the creation of new integrations using this format is no longer possible. The removal of these integrations will be finalized when the replacement features are available across all environments, with dedicated announcements to follow.
Host Scanner v0.7.4
Sysdig released Host Scanner v0.7.4, addressing a date handling issue that prevented non-kubernetes results from appearing in the UI. The release also updated the DEBUG
environmental variable to be compatible with older versions. Log level values, such as INFO
, TRACE
, or boolean values where true
enables DEBUG
level are now accepted.
January 9, 2024
Filter for Updated Threat Detection Rules
We have added a new drop-down filter on the Rules Library page to easily review recent changes made to rules and exceptions.
See View Recent Changes to a Rule for details.
January 04, 2024
Introducing Infrastructure as Code (IaC) Scanning Integration to Sysdig CLI Scanner
Sysdig is thrilled to announce a major advancement to the sysdig-cli-scanner
tool with the integration of Infrastructure as Code (IaC) scanning functionality. This release empowers users to seamlessly scan IaC resources for potential risks and compliance issues, enhancing the security posture of your development workflows. By using the familiar sysdig-cli-scanner
interface, you can initiate IaC scans to identify potential risks and compliance issues early in the development lifecycle. The tool continues to support the basic functionality.
Key Features
- A comprehensive exit code system for easy interpretation of scan results
- Role-Based Access Control (RBAC) for precise control over permissions
- Cross-platform compatibility
- Ability to integrate into existing workflows, such as CI/CD pipelines
- Use of API Token for authentication, ensuring consistency with the VM CLI
- Simple command execution
See Run Sysdig CLI Scanner in IaC Mode for details.
2023 Archive
2023 Archive of Sysdig Secure (SaaS) released features.
2022 Archive
2022 Archive of Sysdig Secure (SaaS) released features.
2021 Archive
2021 Archive of Sysdig Secure (SaaS) released features.
2020 Archive
2020 Archive of Sysdig Secure (SaaS) release notes.
2019 Archive
2019 Archive of Sysdig Secure (SaaS) release notes.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.