Advanced Configuration

Customize the Install

Both the Single Account and Organizational Account code examples are configured with sensible defaults for the underlying inputs. But if desired, you can edit the region, module enablement, and other Inputs. See details for:

• Single Account setup input options

• Organization setup input options

Tune Threat Detection

Note: the default ECS setup is meant to manage a low-to-medium load of AWS CloudTrail events. For use cases where the event load is high, consider scaling up the footprint according to the usage metrics.

To scale the Sysdig cloud component properly, look at the usage metrics such as CPU and RAM memory in the SQS service:

This example shows that the CPU does not have too much work to do, while memory is mostly under 25%, so no need to scale it, but if needed, you would update the Task Definition in ECS:

This is the current task under execution. Check the current task size:

This case is using half a GB of RAM and a quarter of CPU, but you can configure it and create a new revision that will be deployed by the service if we want to scale it vertically.

For horizontal scaling, update the number of replicas of the ECS Service:

Or update the service to increase the Number of Tasks:

All this scaling can be checked with both cloud connector component metrics and the SQS ingestion metrics. Those values (CPU, RAM and Replicas) can be tweaked until the CPU and RAM usage and the Message Age and Messages Delay are at acceptable levels.