SaaS Regions and IP Ranges
Overview
Sysdig SaaS applications are deployed in five data center regions:
- US East (Virginia)
- US West AWS (Oregon)
- US West GCP (Dallas)
- AP Australia (Sydney)
- European Union (Frankfurt)
At the data centers, Sysdig ensures the best security and compliance standards for your data.
This page lists the current Sysdig SaaS domains and IP ranges for each region.
Use Cases
Code-based Access
The endpoints for Sysdig Monitor and Sysdig Secure are the same in the US West (AWS and GCP), AP Australia, and EU regions. When configuring code-based access to Sysdig Secure, use the endpoint rather than the website URL.
Single Sign-On
Sysdig SaaS users require the website address to reach the Sysdig applications. Use the appropriate website URL when configuring a single sign-on.
Collector
Additionally, Sysdig agents in a SaaS-based deployment need to be able to reach the Sysdig collector. Depending on your network configuration, you might need to modify your firewall configuration to permit outbound connections from agents to the collector.
Inbound IP Addresses
The traffic originating from the Sysdig agent to the Sysdig backend is known as inbound traffic. Allow the agent to send communication outbound on TCP 6443 to the inbound IP ranges associated with your SaaS region.
Outbound IP Addresses Also known as source IP addresses, all the traffic originating from the Sysdig backend hosted in each region flows through one of the corresponding source IP addresses.
Allowlist Guidance
Choose what to allowlist, based on the Sysdig products and features you use. The allowlist values vary based on the Sysdig Platform Region you use.
Ensure that you add download.sysdig.com to the set of URLs in the allowlist for all the Sysdig SaaS regions.
If you run:
Monitor Only
Allow:
- Monitor Domain (optional, if needed to communicate with API for, e.g., an on-prem Jenkins job)
- IP Ranges
- Collector (endpoints, ports)
- Prometheus endpoint (if using Prometheus remote write or on-prem Grafana)
Secure Vuln Management/Scanning
Allow:
- Secure Endpoint (communicates to API)
- S3 Bucket where Vulnerability DB is stored
- Node analyzer (for old engine host scanner; new engine does not require you to allow the runtime scanner)
Secure Threat Detection
Allow:
- Secure Endpoint
- Collector (endpoints, ports)
Actionable Compliance KSPM
Allow:
- Secure Endpoint
On-Premise Vulnerability Feeds
Allow:
- Secure Endpoint (communicates to API)
- S3 Bucket where Vulnerability DB is stored
Note: This is only necessary for the Vulnerability Management engine until air-gapped support is available.
Sysdig Platform Regions
US East (North Virginia)
| Sysdig Application | Domain | IP Range |
|---|---|---|
| Sysdig Monitor | https://app.sysdigcloud.com | All the traffic originating from the US East datacenter will have one of the following source IP addresses: 54.82.115.3 50.19.72.123 18.207.87.189 The inbound IP addresses are: 18.214.168.193 3.210.216.124 44.196.252.240 |
| Sysdig Secure | Endpoint: https://secure.sysdig.com Website URL: https://secure.sysdig.com | All the traffic originating from the US East datacenter will have one of the following source IP addresses: 54.82.115.3 50.19.72.123 18.207.87.189 The inbound IP addresses are: 18.214.168.193 3.210.216.124 44.196.252.240 |
| Sysdig Collector | collector.sysdigcloud.com (Collector port: 6443) | |
| Node Analyzer | https://collector-static.sysdigcloud.com/internal/scanning/scanning-analysis-collector | |
| S3 URLs for Vulnerability Management | https://secure-feeds-production-us-east-1-761931097553.s3.us-east-1.amazonaws.com | |
| API Docs | https://app.sysdigcloud.com/api/public/docs/index.html https://secure.sysdig.com/swagger.html |
US West (Oregon)
| Sysdig Application | Domain | IP Range |
|---|---|---|
| Sysdig Monitor | https://us2.app.sysdig.com | All the traffic originating from the US West datacenter will have one of the following source IP addresses: 54.218.164.215 54.244.190.180 44.232.85.27 The inbound IP addresses are: 54.190.202.108 54.203.169.53 54.70.9.188 |
| Sysdig Secure | Endpoint: https://us2.app.sysdig.com Website URL: https://us2.app.sysdig.com/secure/ | All the traffic originating from the US West datacenter will have one of the following source IP addresses: 54.218.164.215 54.244.190.180 44.232.85.27 The inbound IP addresses are: 54.190.202.108 54.203.169.53 54.70.9.188 |
| Sysdig Collector | ingest-us2.app.sysdig.com (Collector port: 6443) ingest-alt-us2.app.sysdig.com (Collector port: 443) | |
| Node Analyzer | https://us2.app.sysdig.com/internal/scanning/scanning-analysis-collector | |
| S3 URLs for Vulnerability Management | https://secure-feeds-production-us-west-2-263844535661.s3.us-west-2.amazonaws.com | |
| API Docs | https://us2.app.sysdig.com/api/public/docs/index.html https://us2.app.sysdig.com/secure/swagger.html |
US West (GCP)
| Sysdig Application | Domain | IP Range |
|---|---|---|
| Sysdig Monitor | https://app.us4.sysdig.com | Outbound IP: 34.105.1.7 34.127.13.141 Inbound IP: 34.145.19.124 |
| Sysdig Secure | Endpoint: https://app.us4.sysdig.com/ Website URL: https://app.us4.sysdig.com/secure/ | Outbound IP: 34.105.1.7 34.127.13.141 Inbound IP: 34.145.19.124 |
| Sysdig Collector | ingest.us4.sysdig.com | Inbound IP: 34.145.123.253 |
| Node Analyzer | https://app.us4.sysdig.com/internal/scanning/scanning-analysis-collector | |
| S3 URLs for Vulnerability Management | https://storage.googleapis.com/us4-prod-usw1-e33c-us-west1-us-secure-feeds | |
| API Docs | https://app.us4.sysdig.com/api/public/docs/index.html https://app.us4.sysdig.com/secure/swagger.html |
European Union
| Sysdig Application | Domain | IP Range |
|---|---|---|
| Sysdig Monitor | https://eu1.app.sysdig.com | All traffic originating from the European Union (EU) datacenter will have one of the following source IP addresses: 3.127.3.205 3.127.111.42 18.157.104.82 The inbound IP addresses are: 18.156.190.126 18.157.62.50 3.126.167.54 |
| Sysdig Secure | Endpoint: https://eu1.app.sysdig.com Website URL: https://eu1.app.sysdig.com/secure/ | All traffic originating from the European Union (EU) datacenter will have one of the following source IP addresses: 3.127.3.205 3.127.111.42 18.157.104.82 The inbound IP addresses are: 18.156.190.126 18.157.62.50 3.126.167.54 |
| Sysdig Collector | ingest-eu1.app.sysdig.com (Collector port: 6443) ingest-alt-eu1.app.sysdig.com (Collector port: 443) | |
| Node Analyzer | https://eu1.app.sysdig.com/internal/scanning/scanning-analysis-collector | |
| S3 URLs for Vulnerability Management | https://secure-feeds-production-eu-central-1-263844535661.s3.eu-central-1.amazonaws.com | |
| API Docs | https://eu1.app.sysdig.com/api/public/docs/index.html https://eu1.app.sysdig.com/secure/swagger.html |
Asia Pacific (Sydney)
| Sysdig Application | Domain | IP Range |
|---|---|---|
| Sysdig Monitor | https://app.au1.sysdig.com | Outbound IPs: 13.236.248.84 13.236.151.38 13.54.145.96 The inbound IPs: 13.238.59.195 52.62.57.59 52.64.82.29 |
| Sysdig Secure | Endpoint: https://app.au1.sysdig.com/ Website URL: https://app.au1.sysdig.com/secure/ | Outbound IPs: 13.236.248.84 13.236.151.38 13.54.145.96 The inbound IPs: 13.238.59.195 52.62.57.59 52.64.82.29 |
| Sysdig Collector | ingest.au1.sysdig.com (Collector port: 6443) ingest-alt.au1.sysdig.com (Collector port: 443) | |
| Node Analyzer | https://app.au1.sysdig.com/internal/scanning/scanning-analysis-collector | |
| S3 URLs for Vulnerability Management | https://secure-feeds-production-ap-southeast-2-263844535661.s3.ap-southeast-2.amazonaws.com | |
| API Docs | https://app.au1.sysdig.com/api/public/docs/index.html https://app.au1.sysdig.com/secure/swagger.html |
Other Feature-Specific/Region Data
Sysdig Collector Ports
Sysdig Agent uses the following ports to communicate with the Sysdig Collector.
| Regions | Port |
|---|---|
| US East | Collector: SSL/TLS 6443 Collector: TCP 6666 UI/API: HTTPS 443 |
| US West | Collector: SSL/TLS 6443 Collector Alt: SSL/TLS 443 UI/API: HTTPS 443 |
| US West (GCP) | Collector: SSL/TLS 6443 UI/API: HTTPS 443 |
| EU | Collector: SSL/TLS 6443 Collector Alt: SSL/TLS 443 UI/API: HTTPS 443 |
| Asia Pacific (Sydney) | Collector: SSL/TLS 6443 Collector Alt: SSL/TLS 443 UI/API: HTTPS 443 |
AWS Account IDs
| Regions | AWS Account IDs |
|---|---|
| US East | 761931097553 |
| US West | 263844535661 |
| EU | 263844535661 |
| Asia Pacific | 263844535661 |
Redirect URLs for Authentication
Prometheus Endpoints and Regions
Prometheus Remote Write
Prometheus Remote Write resides in the ingest endpoints for each region
under /prometheus/remote/write. The public Prometheus Remote Write
endpoints for each region are listed below:
| Region | Endpoints |
|---|---|
| US East | https://api.sysdigcloud.com/prometheus/remote/write |
| US West | https://us2.app.sysdig.com/prometheus/remote/write |
| US West (GCP) | https://app.us4.sysdig.com/prometheus/remote/write |
| European Union | https://eu1.app.sysdig.com/prometheus/remote/write |
| Asia Pacific (Sydney) | https://app.au1.sysdig.com/prometheus/remote/write |
Grafana Integrations
Use the following Prometheus endpoints for Grafana integrations.
| Region | Endpoint |
|---|---|
| US East | https://app.sysdigcloud.com/prometheus |
| US West | https://us2.app.sysdig.com/prometheus |
| US West (GCP) | https://app.us4.sysdig.com/prometheus |
| EU Central | https://eu1.app.sysdig.com/prometheus |
| Asia Pacific (Sydney) | https://app.au1.sysdig.com/prometheus |
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.