2021 Archive

2021 Archive of Sysdig Monitor (SaaS) release notes.

December 17, 2021

Update on Log4j Vulnerability (CVE-2021-44228)

Sysdig confirms that all services that compose Sysdig’s Cloud Platform running Apache’s vulnerable Log4j library have been patched to 2.16. We have not detected any successful attempts at exploitation of this attack vector during that time window.

December 15, 2021

Update on Log4j Vulnerability (CVE-2021-44228)

The Sysdig agent does not include the Log4j library.

Sysdig is using an alternative framework for logging, called Logback. The Logback framework isn’t vulnerable to this issue.

Sysdig components include a log4j library in our standard distribution that was vulnerable. This library is included for compatibility reasons only, is not used for primary logging, and our security team has determined we are not vulnerable based on our application architecture and existing mitigating controls.

Sysdig can confirm that all services that compose Sysdig’s Cloud Platform running Apache’s vulnerable Log4j library have been patched to the latest version or have had additional mitigating controls suggested by vendors added. We have not detected any successful attempts at exploitation of this attack vector during that time window.

Details regarding upgrades


  • explicitly set commonsLog4jVersion = 2.15.0
  • update all of log4j-to-slf4j, log4j-api, and log4j-core to version 2.15.0

December 12, 2021

A Statement on Log4j Vulnerability (CVE-2021-44228)

Security researchers recently disclosed the vulnerability CVE-2021-44228 in Apache’s log4j, which is a common Java-based library used for logging purposes.

Sysdig is using an alternative framework for logging called Logback. The Logback framework isn’t vulnerable to this issue.

Sysdig components include a log4j library in our standard distribution that appears to be vulnerable. It has been confirmed that this library is included for compatibility reasons only and is not used for primary logging. As a result, this should not pose any risks.

Patches will be provided to upgrade the log4j libraries that are included for compatibility reasons.

If you have any questions or concerns, please reach out to your Sysdig contact.

October 12, 2021

Expose Custom Data on Webhook Notification

Sysdig gives you the ability to specify custom data and attach it to the alert notification. For more information, see Configure a Webhook Channel.

Prometheus Recording Rules

Sysdig now supports Prometheus recording rules for metric aggregation and querying. To enable this feature in your environment, contact Sysdig Support.

Team Scope for Prometheus Remote Write

Sysdig gives you the ability to determine the granularity of the data collected by Prometheus Remote Write that team members can see. You specify what data team members can see by defining tag/value expressions for the metrics. The drop-down defaults to “is”, but can be changed to “is not”, “in”, “contains”, and so on. Complex policies can be created by clicking the drop-down to create AND chains of several expressions.

You can view the saved team scope by hovering on the corresponding team from the User menu.

Enhanced User Experience for Monitor Integrations

The UI for Monitoring Integrations has been enhanced to include guided configuration for exporters.

  • For each integration, you can use the wizard to specify the required information, and you will be provided with a single-line command to install the exporter in your cluster. You no longer have to consult the documentation or the given exporter source code to guess the name of the variable to configure the credentials of your database or the SSL certificate in the connection string.

  • If you want to deploy it through your CI/CD pipeline and you cannot run commands directly in production, you also have the option to generate the manifests to upload to your repository. If you prefer a package management approach, you also have the option to use Helm charts for the Monitoring Integrations.

  • After deploying an exporter, you can see whether it is working in the wizard. Sysdig Monitor automatically detects the metrics arriving in your account and associates them with the workload. This way, it is easy to visually detect the applications that are correctly reporting metrics and those that need some attention.

For more information, see Monitoring Integrations.

Dashboard Enhancements

  • Ability to edit dashboard and panel name inline in the Panel Editor.

  • Ability to add dashboard template to favorites.

  • Moved the legacy dashboard templates to the Deprecated section.
  • Supports RabbitMQ Integration. Configure it using the Monitoring Integrations.
  • Added new dashboard templates for the following:
    • Fargate Usage
    • Go applications
    • Sysdig Admission Controller
    • RabbitMQ Integrations
    • Kubernetes Controller Manager
    • Kubernetes Scheduler
    • CoreDNS

Alert Enhancements

  • Added new alerts for RabbitMQ and CoreDNS integrations and for Go applications.

August 10, 2021

Monitoring Integrations

Sysdig discovers the services running in your environment and gives you visibility into deeper application performance and health telemetry by configuring a managed Monitoring Integration through PromCat. You can easily view which services you can configure an integration for, check the status of existing integrations, and leverage curated content in the alerts library and out-of-the-box dashboards.

See (Limited Availability) Configure Monitoring Integrations for more details.

Alerts Library

The Alerts Library in Sysdig Monitor gives you a recommended list of alerts to configure based on the services running in your infrastructure. The curated content from Sysdig removes the need for guessing which alerts to configure and takes you from zero to full monitoring coverage faster.

For more information, see Alerts Library.

Alert Enhancements

The usability of the Alert page has been enhanced to include:

  • Ability to create and edit alert groups based on the service that they are representing. The alerts created from alert templates will have groups automatically assigned to them.

  • Efficient visual cues to see alert activities and identify the alerts that are not resolved. A bell icon next to an alert indicates that it has not been resolved. Alerts that are active over the past two weeks will have an event chart under the Activities Over Last Two Weeks column and an event feed on the alert details slider.

For more information, see Manage Alerts.

Enhanced Kubernetes Dashboards

We have introduced several improvements to the out-of-the-box Kubernetes dashboards:

  • Workload dashboards are refreshed with relevant status and golden signals.

  • Improved UX with panel location and color code.

  • Some workflows are simplified to make it easier for beginners in Kubernetes.

  • Improved capacity planning capabilities.

  • Text boxes are easier to read and locate near the relevant panels.

July 19, 2021

Customized Session Expiration

Session expiration is the amount of time a user can remain idle before the session is automatically ended or expired. After the session expires, the user must log in to the Sysdig application again.

Sysdig now gives you the ability to set a shorter or longer idle session expiration for Sysdig applications. When a user's browser is idle for a certain period of time, the user is automatically logged out. For more information, see Configure Customized Session Expiration.

Enhanced Session Logout

To offer superior user security, the logout procedure has been enhanced. When users log out of a Sysdig application, they will automatically be logged out of both Monitor and Secure applications.

June 01, 2021

PromQL Library

We have compiled a list of PromQL queries to give you one-click insights into the health and performance of your infrastructure. The library also includes a PromQL 101 category to give you hands-on exposure to PromQL. For more information, see PromQL Library.

Prometheus Remote Write

Sysdig supports ingesting metrics from Prometheus servers by using remote_write capabilities. In Sysdig terminology, the remote endpoints that can read Prometheus metrics are known as Prometheus Remote Write. Prometheus Remote Write does not require the Sysdig agent to be installed in the Prometheus environment. This facility expands Sysdig monitoring capability beyond Kubernetes and regular Linux kernels to environments where the Sysdig agent cannot be installed.

For more information, see Prometheus Remote Write.

Dark Mode

The dark appearance, known as Dark Mode, is available in Sysdig applications.

Sysdig can now automatically match your OS preferences. This is available in Sysdig platform on-premises and in SaaS in the US East, and is rolling out globally. For more information, see Configure Theme Preference.

Improved Dashboard Templates

The following Dashboard templates have been enhanced to display the data better, return improved results, and add golden signals:

  • Kubernetes

  • Application

    • Nginx

    • Ceph

    • Nginx Ingress

    • ElasticSearch

    • Redis

May 10, 2021

Silencing Alert Notifications

Sysdig Monitor allows you to silence alert notifications for a given scope for a predefined amount of time, and schedule silence in advance. When silenced, the alert will still be triggered and posted on the Events feed and in the graph overlays but will indicate it has been silenced. The types of notification channels you can use are Email, Slack, and Amazon SNS.

You will be notified 30 minutes before the start time and 30 minutes before the end time of a silence window. You will also be able to easily extend or end an active silence. To access the feature, navigate to Alerts > Silence on the Monitor UI.

For more information, see Silence Alert Notifications.

Workload Label

Sysdig Monitor now supports two new labels, kubernetes.workload.name and kubernetes.workload.type, which can be used for scoping Dashboards and configuring Groupings.

Earlier, each type of object (deployment, replicaset, statefulset, and so on) was unique, and in turn, you needed to use different types of Kubernetes Dashboards and a different Grouping, resulting in n/a where distinct types of Kubernetes objects are listed.

For more information, see Unified Workload Labels.

New Kubernetes Dashboards

Available Resources Calculator

Ensure there is sufficient capacity in a cluster to deploy a new application.

Application Status & Overview

Understand the status of applications (workloads) running in a cluster by monitoring performance, pod health, and resource usage.

Cluster Capacity Planning

Monitor the capacity of Kubernetes clusters ensuring they’re correctly sized to support new applications when they’re deployed.

Container Resource Usage & Troubleshooting

Understand the performance of the different containers running in pods across your infrastructure and identify any that are behaving anomalously.

Node Status & Overview

Monitor the health, resource usage, and network statistics for nodes running in clusters.

Pod Rightsizing & Capacity Optimization

Optimize your infrastructure and better control cluster spend by ensuring pods are sized correctly. Understand if you can free up resources by reducing memory and/or CPU requests.

Pod Scheduling Troubleshooting

If a pod cannot be scheduled due to insufficient resources, use this dashboard to identify where the resource bottleneck is.

Pod Status & Overview

Monitor the health, resource usage, and network statistics for pods running as part of workloads.

April 26, 2021

Extended Label Set

Running PromQL queries is now smoother and faster with the extended label set. The extended label set is created by augmenting the incoming data with the rich metadata associated with your infrastructure and making it available in PromQL. You no longer have to write complex queries to troubleshoot infrastructure issues or build dashboards and alerts. For more information, see Run PromQL Queries Faster with Extended Label Set.

Microsoft Teams Channel

You can now use Microsoft Teams as a notification channel in Sysdig Monitor. See Configure a Microsoft Teams Channel for more details.

S3-Compatible Storage for Capture Files

Configuring S3-compatible storage, such as Minio or IBM Cloud Object Storage, for your Sysdig captures is now supported on Sysdig Monitor. The capability can be turned on by configuring the system appropriately, as given in (SaaS) Configure Custom S3 Storage Endpoint.

Webhook Channel Enhancements

Sysdig supports the following on a Webhook channel integration:

  • Insecure connections: You now have the ability to skip the TLS verification.

  • Custom headers: If your Webhook integrations require additional headers or data, you can append them to the alert format by using a custom header in the UI. This option is in addition to the existing API facility to add custom headers programmatically.

View LogDNA Alerts as Sysdig Events

If your environment has both LogDNA and Sysdig, you can view relevant LogDNA Alerts as Events in Sysdig. These Sysdig Events behave like any other type of Events in Sysdig. They will be overlaid on Sysdig graphs, listed in the Event Feed, and can be used to create an Alert in the Sysdig Platform. The link provided in the Event Details redirects you to the LogDNA Platform, in case further investigation is needed. For more information, see LogDNA Events.

March 03, 2021

PromQL Query Explorer

PromQL Query Explorer helps you understand metrics and their labels and values, and create queries faster before using them in Dashboards and Alerts.

PromQL can be used not only with metrics collected from Prometheus endpoints but also with Sysdig native metrics collected by the agent. For more information, see PromQL Query Explorer.

IBM Cloud Functions

You can now use IBM Cloud Functions as a notification channel in Sysdig Monitor. See Configure IBM Cloud Functions Channel for more details.

SAML Single Logout

Sysdig supports SAML Single Logout. This feature enables you to configure automatic logout from the Identity Provider when users log out of Sysdig. This feature is currently available for SaaS regions US-West and EU-Central. For more information, see Configure SAML Single Logout.

Enhanced Dashboard Scope Session

When returning to a previously visited Dashboard, the UI retains your last used scope.

February 05, 2021

Import Prometheus Alert Rules

You now have the ability to import Prometheus alert rules into Sysdig Monitor. The ease of YAML import makes it considerably more convenient to tap into Prometheus ecosystem resources, such as promcat.io.

For more information, see Import Prometheus Alert Rules.

UX Improvements

The Sysdig Monitor interface has been enhanced to provide the following capabilities:

  • Edit dashboard scopes in a panel editor.

  • Set a dashboard template as the team entry point.

January 05, 2021

Improved Alerts

The Alert interface has been improved to allow faster browsing and easier management. For more information, see Alerts.