Configure Benchmark Tasks

Use a Benchmark Task to define:

  • the type of benchmark test to be run

  • the scope of the environment to be checked

  • the scheduled test frequency

  • the format in which you want to view the results report.

Once a task has been set up, it will run tests automatically on the scheduled timeline. You can also trigger the task manually. See Trigger a Manual Benchmark Test (Run Now).

Schedule an Automated Benchmark Test

Create a Task

  1. From the Benchmarks module, select the Schedule icon.

    The Schedule list (of existing tasks) is displayed.

    results_schedule.png
  2. Click +Add Task and define the task parameters on the New Task page:

    results_newbasic.png
    • Name: Create a meaningful name.

    • Type: Select CIS Docker Bench or CIS Kubernetes Bench.

    • Schedule: Choose a frequency and time to run the test.

    • Scope: Choose Everywhere, or narrow the scope as needed.

      (See also Grouping, Scoping, and Segmenting Metrics .)

    • Report: Select how you want to view the test results in the report.

      • All Tests: means that no filter will be applied to the Report.

        Sysdig will automatically apply the correct version of the benchmark test for your environment, based on the version of Kubernetes or Docker where the agent is installed.

      • Custom Selection: means that you will Filter Report Results .

  3. Click Save.

One Task, One Test, One Environment

To run benchmarks on environments with different Kubernetes versions, create a separate task for that scope and version. Sysdig cannot run tests for multiple versions in a single task.

Filter Report Results

Note that the full CIS benchmark test will be run, even when the Report view is filtered. See Understanding Report Filters for more information.

  1. From the Benchmarks module, select the Schedule icon and either select or create a Task.

    The Task configuration page is displayed.

    results_newtask.png
  2. For Report, choose Custom Selection.

  3. Choose the appropriate CISbenchmark version from the drop-down menu (based on the Type chosen).

    See About Benchmark Versions for details.

  4. Filter results as desired.

    1. Optional: Choose a Profile Level (1 or 2).

      Select Profile Level 1 to view only high-vulnerability results.

      Select Profile Level 2 to view only the lower-level results that were excluded from Level 1.

      Select All (no profile filter) to view complete results.

      See also: About Profile Levels.

    2. Optional: Select/deselect individual controls as desired.

    3. Optional: Select All to clear previous selections and begin again.

  5. Click Save.

Edit a Scheduled Task

  1. From the Benchmarks module, select the Schedule icon.

    The list of scheduled tasks is displayed.

  2. Select a task from the list and edit.

    Note

    Changing the Report filter settings for a task that has already been run will retroactively filter the existing report views.

  3. Click Save.

Delete a Scheduled Task

  1. From the Benchmarks module, select the Schedule icon.

  2. On the relevant task, click the More Options (three dots) icon.

    results_delete.png
  3. Select Delete task and click Yes to confirm (or No to revert the change).

Trigger a Manual Benchmark Test (Run Now)

Rather than wait for the next scheduled time for a benchmark test to run, users can choose to run a benchmark test manually.

  1. From the Benchmarks module, select the Schedule icon.

  2. On the relevant task, click the Run Now (arrow) icon.

    results_runnow.png

    A notification will state that the test was successfully run.

  3. Return to the Results tab and refresh the page after several minutes to see the results.