Installation

Sysdig Installation Guides

This guide describes deployment options for various Sysdig components.

For Sysdig Secure and Sysdig Monitor

For Sysdig Secure Only

Node Analyzer: Multi-Feature Installation for compliance benchmarks, runtime scanner, as well as for the legacy-engine host scanner and image analyzer.
Admission Controller for enhanced scanning on the legacy engine and Kubernetes audit logging (both new and old engines).
Rapid Response allows designated Advanced Users to remote connect into a host
Serverless Agents for container-based cloud environments such as Fargate.

Secure for Cloud Only

Sysdig Secure for Cloud connection components: CIS Benchmarks, threat detection based on cloud provider native logs and compute resources, and registry image scanning.

Sysdig Installation Component Index

This section helps identify the components you must install to use various Sysdig features.

Sysdig Monitor

Features	Installation Components
Advisor / Overview Dashboards Explore Alerts Prometheus Service Discovery Events	Sysdig Agent. Alternatively, you can use Prometheus Remote Write. While you can use Sysdig Monitor with Prometheus Remote Write, system metrics, extended label set, and the scope tree will not be available as it does not collect syscall events.
AWS CloudWatch Metrics	None. Configured in the Sysdig Monitor UI.

Sysdig Secure

To take advantage of Sysdig Secure’s latest features, including Vulnerability Management and Actionable Compliance, use the sysdig-deploy helm chart. Currently, helm is the only supported installation method to avail the latest features.

The helm chart includes sub-charts for the following:

Sysdig Secure for Cloud components have their own install procedures, depending on the cloud environment.

Runtime Security / Threat Detection

Features	Installation Components
Workload	Sysdig Agent
Container Drift	Sysdig Agent
Image Profiling	Sysdig Agent
Activity Audit	Sysdig Agent
Network Security Policy Generation	Sysdig Agent
AWS ECS Fargate Serverless	Sysdig Serverless Agent
Cloud Logs / Activity	Sysdig Secure for Cloud
Kubernetes Audit Log	Sysdig Admission Controller

Compliance and Benchmarks

Features	Installation Components
Compliance (New module, GA)	KSPM Analyzer & KSPM Collector
Unified Compliance (Legacy version ) Compliance Checks – Workload Benchmarks - Host / Workload	Node Analyzer – Benchmark Runner
Compliance Checks – Cloud	Sysdig Secure for Cloud
Benchmarks - Cloud	Sysdig Secure for Cloud
CIEM/ Identity and Access	Sysdig Secure for Cloud

Vulnerability Management - New Engine

Features	Installation Components
Build Pipeline (CLI scanner)	Sysdig-cli-scanner
Runtime	Node Analyzer - Sysdig Runtime Scanner
Reporting	Node Analyzer - Sysdig Runtime Scanner
Host Scanning	Node Analyzer - Sysdig Host Scanner
Registry Scanning on AWS ECS	Sysdig Secure for cloud

Response

Features	Installation Components
Forensic Investigation (Captures)	Sysdig Agent
Rapid Response	Rapid Response

Vulnerability Management - Legacy Engine

Components Not Yet in New Engine
	Host Scanning	Node Analyzer – Host Scanner
	Deployment time VM Policy Enforcement	Sysdig Admission Controller
Components Replaced by New Engine Equivalents
	Image Analyzer (Runtime Scanner)	Node Analyzer- image-analyzer
	Build Pipeline / Inline Scanning (`cli-scanner`)	secure-inline-scan

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.