Sysdig Installation Guides

This guide describes deployment options for various Sysdig components.

For Sysdig Secure and Sysdig Monitor

Sysdig Agent

For Sysdig Secure Only

Secure for Cloud Only

Sysdig Secure for Cloud connection components: CIS Benchmarks, threat detection based on cloud provider native logs and compute resources, and registry image scanning.

Sysdig Installation Component Index

This section helps identify the components you must install to use various Sysdig features.

Sysdig Monitor

FeaturesInstallation Components
Advisor / Overview
Prometheus Service Discovery
Sysdig Agent. Alternatively, you can use Prometheus Remote Write. While you can use Sysdig Monitor with Prometheus Remote Write, system metrics, extended label set, and the scope tree will not be available as it does not collect syscall events.
AWS CloudWatch MetricsNone. Configured in the Sysdig Monitor UI.

Sysdig Secure

To take advantage of Sysdig Secure’s latest features, including Vulnerability Management and Actionable Compliance, use the sysdig-deploy helm chart. Currently, helm is the only supported installation method to avail the latest features.

The helm chart includes sub-charts for the following:

Sysdig Secure for Cloud components have their own install procedures, depending on the cloud environment.

Runtime Security / Threat Detection

FeaturesInstallation Components
WorkloadSysdig Agent
Container DriftSysdig Agent
Image ProfilingSysdig Agent
Activity AuditSysdig Agent
Network Security Policy GenerationSysdig Agent
AWS ECS Fargate ServerlessSysdig Serverless Agent
Cloud Logs / ActivitySysdig Secure for Cloud
Kubernetes Audit LogSysdig Admission Controller

Compliance and Benchmarks

FeaturesInstallation Components
Compliance (New module, GA)KSPM Analyzer & KSPM Collector
Unified Compliance
(Legacy version )
Compliance Checks – Workload
Benchmarks - Host / Workload
Node Analyzer – Benchmark Runner
Compliance Checks – CloudSysdig Secure for Cloud
Benchmarks - CloudSysdig Secure for Cloud
CIEM/ Identity and AccessSysdig Secure for Cloud

Vulnerability Management - New Engine

FeaturesInstallation Components
Build Pipeline (CLI scanner)Sysdig-cli-scanner
RuntimeNode Analyzer - Sysdig Runtime Scanner
ReportingNode Analyzer - Sysdig Runtime Scanner
Host ScanningNode Analyzer - Sysdig Host Scanner
Registry Scanning on AWS ECSSysdig Secure for cloud


FeaturesInstallation Components
Forensic Investigation (Captures)Sysdig Agent
Rapid ResponseRapid Response

Vulnerability Management - Legacy Engine

Components Not Yet in New Engine
Host ScanningNode Analyzer – Host Scanner
Deployment time VM Policy EnforcementSysdig Admission Controller
Components Replaced by New Engine Equivalents
Image Analyzer (Runtime Scanner)Node Analyzer- image-analyzer
Build Pipeline / Inline Scanning (cli-scanner)secure-inline-scan