SaaS: Sysdig Secure Release Notes
You may also want to review the update log for Falco rules used in the Policy Editor: Falco Rules Changelog.
The dates shown are for the initial release of a feature. The feature may not be rolled out to all regions concurrently and availability of a feature in a particular region will depend on scheduling.
Supported Web Browsers
Sysdig supports, tests, and verifies the latest versions of Chrome and Firefox. Other browsers may also work but are not tested in the same way.
December 19, 2024
Validate Public Exposure with Sysdig Exposure Validation Scanning
Sysdig now offers Public Exposure Validation, a powerful feature that confirms whether resources in your environment are genuinely accessible from the internet. By reducing exposure false positives, this feature empowers you to confidently prioritize remediation efforts, focusing on the fixes that matter to the security of your cloud environment.
Contact your Sysdig representative to enable this feature. For more information, see Network Exposure Tab.
December 18, 2024
YARA Rules and Regex Exceptions for Malware Control Policy
Sysdig released the Malware Control Policy into general availability (GA) with the following improvements:
- You can now utilize YARA rules maintained by Sysdig’s Threat Research Team to enhance the policy’s detection capabilities.
- You can customize exceptions for files, processes, and hashes with Regex or exact string matching.
To learn more about YARA rules and exceptions, see Malware Control Policy — Detect.
December 13, 2024
Identity Permissions Enhancement
The Identity resource drawer now highlights permissions flagged as risky by the Sysdig Threat Research team. These permissions, identified for their potential misuse by compromised identities, are accompanied by usage insights to help you achieve least privileged access.
Supported Identity types include:
- IAM Policies (AWS)
- Users (AWS, Azure, GCP)
- Roles (AWS, Azure, GCP)
- Service Identities (Azure, GCP)
Find the Risky Permissions section in the Summary tab of the Identity detail drawer. To learn more, see Understand Risky Permissions.
December 10, 2024
Enhanced Inventory API
The Inventory API has been improved by introducing the following cloud resource fields:
AWS Resources
- `accountName`: The AWS account name.
- `accountId`: The AWS account ID.
GCP Resources
- `projectName`: The GCP project name.
- `projectId`: The GCP project ID.
Azure Resources
- `subscriptionName`: The Azure subscription name.
- `subscriptionId`: The Azure subscription ID.
Network Exposure
Sysdig Inventory API enables you to filter by exposed resources such as buckets, workloads, and virtual machines using the `isExposed` field. This field indicates whether the configuration for the resource exposes it to the internet. Sysdig introduces the `validatedExposure` field to specify whether the resource, such as buckets and virtual machines, could be reached by Sysdig’s network validator service.
For more information, see the Next Gen API Docs.
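The following is an added example (not Sysdig's code) of how a security team might triage Inventory API results using the `isExposed`, `validatedExposure` and account/project/subscription fields described above. The response payload is a constructed sample; it assumes the API returns a JSON list of resources in which both exposure fields are booleans and `validatedExposure` is absent for resource types the validator does not probe.

```python
"""Triage Sysdig Inventory API resources by network exposure.

Added illustration, not Sysdig's code. The payload below is a constructed
sample shaped like the fields the release notes describe. Assumption: the
Inventory API returns a JSON list of resources in which `isExposed` and
`validatedExposure` are booleans, and `validatedExposure` is absent for
resource types the network validator service does not probe (e.g. workloads).
"""
import json

# Constructed sample response; field names follow the release notes.
SAMPLE_INVENTORY = json.dumps([
    {"name": "public-assets", "type": "bucket", "isExposed": True,
     "validatedExposure": True, "accountName": "prod", "accountId": "111111111111"},
    {"name": "backup-logs", "type": "bucket", "isExposed": True,
     "validatedExposure": False, "accountName": "prod", "accountId": "111111111111"},
    {"name": "api-worker", "type": "workload", "isExposed": True,
     "projectName": "payments", "projectId": "payments-123"},
    {"name": "vm-batch", "type": "vm", "isExposed": False,
     "validatedExposure": False, "subscriptionName": "eng", "subscriptionId": "sub-0001"},
])

OWNER_KEYS = (
    ("accountName", "accountId"),            # AWS
    ("projectName", "projectId"),            # GCP
    ("subscriptionName", "subscriptionId"),  # Azure
)


def owner(resource):
    """Return the AWS account, GCP project or Azure subscription that owns the resource."""
    for name_key, id_key in OWNER_KEYS:
        if name_key in resource:
            return f"{resource[name_key]} ({resource.get(id_key, '?')})"
    return "unknown"


def classify(resource):
    """Map a resource to a triage tier.

    confirmed:   the validator actually reached the resource from the internet
                 (this wins even if the configuration says it is not exposed)
    not_reached: configuration exposes it but the validator could not reach it
    unchecked:   configuration exposes it and no validation result is present
    internal:    configuration does not expose it and nothing reached it
    """
    validated = resource.get("validatedExposure")
    if validated is True:
        return "confirmed"
    if not resource.get("isExposed", False):
        return "internal"
    if validated is False:
        return "not_reached"
    return "unchecked"


def triage(payload):
    """Group an Inventory API response (JSON text or parsed list) into triage tiers."""
    resources = json.loads(payload) if isinstance(payload, str) else payload
    tiers = {"confirmed": [], "not_reached": [], "unchecked": [], "internal": []}
    for r in resources:
        tiers[classify(r)].append(f"{r['type']}:{r['name']} in {owner(r)}")
    return tiers


if __name__ == "__main__":
    for tier, items in triage(SAMPLE_INVENTORY).items():
        print(f"{tier:12} {items}")
```

Resources in the `confirmed` tier are the ones the release note calls validated exposures; `not_reached` entries are the exposure false positives the feature is meant to filter out.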
December 05, 2024
Compliance Readiness Report
Sysdig is excited to introduce Compliance Readiness Reports, the next step in reporting. Previously, it was hard to see policies structured by compliance, requirements, and controls to track what was passing or failing.
Now, you can schedule reports and view past reports to easily track progress over time. For more information, see Compliance Readiness Reports.
Graph Search
Query a graph database to search for anything in your cloud environments. The intuitive query builder ensures a seamless experience and lets you proactively identify risky patterns before they escalate into full-fledged threats.
For more information, see Graph Search.
Custom Risks
Every organization faces unique security challenges that demand a tailored approach. Sysdig Custom Risks meets this need by enabling security teams to define, write, and execute custom risk patterns. With this flexibility offered by Custom Risks, you can create adaptive queries aligned with your specific environment and risk tolerance. You can build graph queries and save them as Custom Risks for ongoing management. For more information, see Custom Risks.
December 03, 2024
Risk Automation (Technical Preview)
Introducing the technical preview release of the new Sysdig Secure Automation feature. In this release, you can create automations for new risks and risk update triggers, enabling notification channel alerts and webhook actions based on various attributes within a risk event. This feature is actively evolving, with upcoming enhancements to include additional functionality and triggers, such as vulnerability management and runtime detection.
For more information, see Risk Automation.
November 27, 2024
Service Account Expiry Notifications
We have expanded the Sysdig Secure UI to support configuring notifications for expiring Team Based Service Accounts. This builds on existing API capabilities, making token management more accessible for all users.
By enabling these notifications, you can ensure your service account tokens are renewed on time.
For more details, see Expiry Notifications.
November 19, 2024
Hide Accepted Risks
Sysdig enables you to hide accepted risks, allowing you to focus on unresolved vulnerabilities. To support this, the Sysdig Vulnerability Overview pages and the Vulnerabilities tab on the scanning result pages include a Risk Acceptance filter. This filter helps you view All Risks or Accepted Risks, or hide accepted risks by selecting Risk Not Accepted.
For more information, see Filters.
November 15, 2024
New Posture Policies for AKS, SUSE, and Ubuntu
The following policies have been added to support key posture benchmarks:
- CIS Azure Kubernetes Service (AKS) Benchmark v1.4.0: Ensures improved security for Azure Kubernetes environments.
- CIS SUSE Linux Enterprise 12 Benchmark v3.1.0: Strengthens compliance for SUSE Linux Enterprise 12.
- CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0: Provides compliance checks for the newest Ubuntu Long Term Support release.
For more information, see Posture Policies Included.
CSPM Auto-Acceptance Enhancement
Sysdig-deployed components are now automatically accepted in cloud security posture management (CSPM), regardless of their namespace. This significantly reduces unnecessary alerts in Compliance reports, allowing you to focus on actionable findings.
November 14, 2024
EPSS Support
Sysdig Vulnerability Management now integrates and ingests the First.org Exploit Prediction Scoring System (EPSS). Sysdig EPSS functionality is available via the Scan Result API and Vulnerability Management (VM) Reporting.
In VM Reporting, this data is available in the `vulnEPSSPercentile` and `vulnEPSSScore` fields.
Example API output (EPSS metadata):
```json
"providersMetadata": {
  "first.org": {
    "epssScore": {
      "score": 0.00044,
      "percentile": 0.13929,
      "timestamp": "2024-11-12T00:00:00Z"
    }
  },
  ...
}
```
Expansion of Vendor Metadata in Scan Results: RedHat and NVD
Added scores from National Vulnerability Database (NVD) and RedHat to our Scan Result API in Vulnerability Management (VM). These scores were previously available in Matching, Scoring and Data Sources. This iteration increases their availability, enabling you to take advantage of various CVSS scores and severities.
Example provider metadata:
```json
"providersMetadata": {
  ...
  "nvd": {
    "publishDate": "2023-11-27T22:15:07.94Z",
    "cvssScore": {
      "version": "3.1",
      "score": 5.5,
      "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
    },
    "severity": "medium"
  },
  "rhel": {
    "cvssScore": {
      "version": "3.1",
      "score": 7.8,
      "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
    },
    "severity": "high"
  },
  "vulndb": {
    "publishDate": "2023-11-23T00:00:00Z"
  }
}
```
These scores are also available in VM Reporting to be consumed from the following fields:
NVD
- `nvdVulnCvssScore`
- `nvdVulnCvssSeverity`
- `nvdVulnPublishDate`
RedHat
- `rhelVulnCvssScore`
- `rhelVulnCvssSeverity`
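As an added example (not Sysdig's code), the following reads the EPSS and vendor CVSS entries from a scan-result vulnerability record shaped like the two `providersMetadata` fragments above, picks the worst vendor score, and flags the case shown in the release note where NVD and RedHat disagree on severity. The wrapping record layout and the placeholder CVE name are assumptions; fetching the record from the Scan Result API is not shown.

```python
"""Read EPSS and vendor CVSS data from a Sysdig scan-result vulnerability record.

Added illustration, not Sysdig's code. The `providersMetadata` content below
is the two example fragments from the release notes merged into one
constructed vulnerability record; fetching the record from the Scan Result
API is not shown, and the wrapping record layout is an assumption.
"""
import json

# Constructed record; the providersMetadata values are the release-note examples.
SAMPLE_VULN = json.dumps({
    "name": "CVE-XXXX-XXXXX",  # placeholder identifier, not a real CVE
    "providersMetadata": {
        "first.org": {"epssScore": {"score": 0.00044, "percentile": 0.13929,
                                    "timestamp": "2024-11-12T00:00:00Z"}},
        "nvd": {"publishDate": "2023-11-27T22:15:07.94Z",
                "cvssScore": {"version": "3.1", "score": 5.5,
                              "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},
                "severity": "medium"},
        "rhel": {"cvssScore": {"version": "3.1", "score": 7.8,
                               "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},
                 "severity": "high"},
        "vulndb": {"publishDate": "2023-11-23T00:00:00Z"},
    },
})


def epss(meta):
    """Return (score, percentile) from the first.org entry, or (None, None) if EPSS is absent."""
    e = meta.get("first.org", {}).get("epssScore") or {}
    return e.get("score"), e.get("percentile")


def cvss_by_provider(meta):
    """Map provider -> (score, severity, vector) for each provider carrying a cvssScore."""
    out = {}
    for provider, data in meta.items():
        c = data.get("cvssScore") or {}
        if "score" in c:
            out[provider] = (c["score"], data.get("severity"), c.get("vector"))
    return out


def vector_fields(vector):
    """Parse a CVSS v3 vector into {metric: value}.

    Tolerates the missing 'CVSS:3.1/' prefix seen in the rhel example above.
    """
    parts = [p for p in vector.split("/") if p and not p.startswith("CVSS:")]
    return dict(p.split(":", 1) for p in parts)


def summarize(record, epss_percentile_floor=0.9):
    """Combine EPSS likelihood with the worst vendor CVSS and flag provider disagreement.

    `record` is JSON text or an already-parsed dict.
    """
    rec = json.loads(record) if isinstance(record, str) else record
    meta = rec.get("providersMetadata", {})
    score, pct = epss(meta)
    cvss = cvss_by_provider(meta)
    severities = {sev for _, sev, _ in cvss.values() if sev}
    worst = max(cvss.items(), key=lambda kv: kv[1][0]) if cvss else None
    return {
        "epss_score": score,
        "epss_percentile": pct,
        # EPSS percentile is the fraction of scored CVEs with a lower exploitation probability.
        "likely_exploited": pct is not None and pct >= epss_percentile_floor,
        "worst_provider": worst[0] if worst else None,
        "worst_score": worst[1][0] if worst else None,
        # In the sample, NVD rates the CVE medium (C:N/I:N) while RedHat rates it high
        # (C:H/I:H): vendor scores can differ in assessed impact, not just in number.
        "providers_disagree": len(severities) > 1,
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_VULN), indent=2))
```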
Registry Scanner v0.6.1
The Registry Scanner does not support configuring the cron job to run more frequently than once every 24 hours.
November 06, 2024
CLI Scanner v1.18.0
Sysdig released a new version of the CLI Scanner with the following improvements:
- Included a Federal Information Processing Standards (FIPS) validated cryptographic library within the binaries with suffix tag `-fips`.
- Added `--output` and `--output-schema` flags. The `--output-json` and `--json-scan-result` flags have been deprecated.
- Support for EPSS, NVD CVSS, and RedHat CVSS in the CLI. The CLI Scanner now forwards this data to the Sysdig backend.
- Support for the public API v1 output format. For more information, see the Public API docs.
- Added fixes for the following vulnerabilities:
Registry Scanner v0.6.0
Registry Scanner now supports AWS GovCloud. Starting from this version, Registry Scanner can scan Elastic Container Registries (ECR) within GovCloud accounts and organizations.
For more information, see Install Registry Scanner.
October 29, 2024
Download SBOM Using Sysdig Secure UI
To address the growing demand for transparency and compliance in software supply chains, Sysdig has improved the scan result experience by introducing an SBOM Download button in the Sysdig Secure UI. With just one click, you can now download a comprehensive Software Bill of Materials (SBOM) that includes a complete record of components detected during a scan, formatted in the widely used CycloneDX JSON format.
This enhancement provides you with detailed access to software components, empowering you to conduct more effective audits, manage risks efficiently, and simplify compliance with industry standards.
For more information, see Download SBOM.
Runtime Scanner v1.8.1
Sysdig released a new version of Runtime Scanner with fixes for the following vulnerabilities:
October 21, 2024
GCP Risk policies
Sysdig Risks module extends its capabilities to Google Cloud environments by adding the following risks:
- Publicly exposed GCE with Critical Vulnerability
- Publicly Exposed GCS Bucket
For more information, see Risk Policies.
October 14, 2024
Sysdig Sage for Cloud Detection and Response
Sysdig Sage for Cloud Detection and Response (CDR) is now generally available. Designed for security teams responsible for incident response and forensics, Sysdig Sage accelerates investigation and response. It provides features like command line explanations, rule and data interpretation, investigation guidance, and next-step recommendations.
With summarization and explainability, Sysdig Sage makes managing security events more efficient. See Sysdig Sage to learn more.
October 02, 2024
AWS Behavioral Analytics
Sysdig added a new type of managed policy to the AWS CloudTrail Runtime Policy type. AWS Behavioral Analytics runs on a different engine from the majority of Sysdig’s Falco-based policies. This enables the detection of sophisticated threats, such as privilege escalation attempts and reconnaissance activities across a range of AWS services. For more details, see Behavioral Analytics.
October 01, 2024
Host Scanner v0.12.3
Sysdig released a new version of Host Scanner with a fix for CVE-2024-34155 and CVE-2024-34156.
September 26, 2024
CLI Scanner v1.17.0
Sysdig released the new version of CLI Scanner with the following improvements:
- The Vulnerability Management scan result `v1beta` JSON output now includes a `ruleId` field for each Policy Rule.
- Fixes CVE-2024-8260.
September 25, 2024
Host Scanner v0.12.2
Sysdig released a new version of Host Scanner with a fix for CVE-2024-8260.
September 19, 2024
Support for Jira Data Center
Sysdig Secure’s Jira Ticketing integration now supports both Jira Cloud and Jira Data Center. On-Prem users self managing their Jira Data Center can now open Jira tickets from within Sysdig Secure’s UI. See Jira Ticketing.
September 17, 2024
Integrate with Visual Studio Code
Sysdig released an extension for Visual Studio Code. You can now scan container images, apply policies, and manage vulnerabilities early in the development process, without waiting for lengthy CI/CD checks. This extension sanitizes software packages before the code is pushed to production, saving critical time and preventing security from slowing down developer workflows. To detect and fix security concerns early, see Integrate with Visual Studio Code.
September 13, 2024
New Compliance Mode for the CLI Tool
Sysdig has introduced a Compliance Mode for the CLI Scanner, offering enhanced flexibility and customization for policy evaluations. This release brings:
- Customizable Policy Evaluation: You can now specify the exact policies to evaluate when running the CLI Scanner against a Git repository.
- Optional Configuration File: You can now customize parameters for your scans with an optional configuration file.
- JSON Output: The CLI Scanner now supports JSON output, enabling seamless integration with external systems.
- Flexible Output Grouping: You can group scan results by resource or policy, providing more control over the output format.
Additionally, we fixed a defect that previously caused incorrect identification of the Bouncy Castle Crypto Java package.
The following vulnerabilities have also been identified and resolved:
For more information, see Install Sysdig CLI Scanner.
Host Scanner v0.12.1
Sysdig released a new version of Host Scanner with the following improvements:
- Addressed a defect which could lead to wrong identification of the Bouncy Castle Crypto Java package.
- Fixed the following vulnerabilities:
September 10, 2024
GCP Resources in Inventory Network Exposure
Sysdig has extended the scope of the Network Exposure tab in Inventory, which reveals the exposure paths for exposed resources, to now include Google Cloud Platform (GCP) hosts and GCP Cloud Storage Buckets. See Use the Network Exposure Tab.
Registry Scanner v0.5.0
Registry Scanner now includes a Federal Information Processing Standards (FIPS) validated cryptographic library within the images with suffix tag `-fips`.
September 5, 2024
Registry Scanner v0.4.0
Sysdig released a new version of Registry Scanner with the following improvements:
- Allow node selector customization for workers.
- Addressed a defect in the policy and risk acceptance evaluation that caused certain package versions in some Red Hat Enterprise Linux (RHEL) packages to be improperly parsed.
- Bottlerocket OS detection.
Host Scanner v0.12.0
Sysdig released a new version of Host Scanner with the following improvements:
- Bottlerocket OS detection.
- Added support for the `MESOS_TASK_ID` docker label for usage in Quick Filters, Policies and Unified Filtering within Runtime Scanning views as `mesos.task.id`.
Runtime Scanner v1.8.0
Sysdig released a new version of Runtime Scanner with the following improvements:
- Added support for the `replicationcontroller` resource kind.
- Addressed a defect in the policy and risk acceptance evaluation that caused certain package versions in some Red Hat Enterprise Linux (RHEL) packages to be improperly parsed.
September 4, 2024
New Posture Policies
Sysdig added several new Posture Policies, further enhancing our security and compliance coverage. This release includes the following:
- Australian Government Information Security Manual (ISM) 2022
- DPDP (Digital Personal Data Protection) Act
- CCPA (California Consumer Privacy Act)
- Reserve Bank of India (RBI) Framework
- SEBI (Securities and Exchange Board of India) Act
These policies help your organization align with the latest industry standards and regulatory frameworks, ensuring comprehensive security and compliance management.
For more information, see Posture Policies Included.
August 28, 2024
Sysdig CLI Scanner v1.15.0 Released
Sysdig released the new version of CLI Scanner with the following enhancements:
VM
- Addressed a defect in the policy and risk acceptance evaluation that caused certain package versions in some Red Hat Enterprise Linux (RHEL) packages to be improperly parsed.
- Resolved a defect that caused the scanner to hang indefinitely when used with container storage during execution.
August 27, 2024
Vulnerability Management Support for Rocky Linux
Sysdig Secure Vulnerability Management now supports operating system and package detection on Rocky Linux v8 and v9. This support leverages the respective vulnerability feeds for Rocky Linux v8 and v9 sourced from Rocky ERRATA in tandem with Sysdig’s additional vulnerability enrichment.
The agent components that support Rocky Linux are:
- CLI Scanner version v1.13.1 and above
- Cluster Shield v1.2.0 and above
- Host Scanner v0.10.2 and above
- Registry Scanner v0.2.73
August 20, 2024
Navigation Reorganization
Sysdig has streamlined and updated the UI navigation menus to help you access our security platform faster.
Events, Insights, and Investigation
Threats happen in real time. You need to be able to quickly identify those threats without having to think about the best tool to use in the moment.
Previously, these threats were spread across different menus, moving from Events to Investigate to Insights. We’ve moved them all under a new unified menu. We’re not stopping there: we plan to integrate the threat investigation experience into a unified workflow.
Inventory
Inventory has changed with new submenus.
- Resources is now the landing page
- Kubernetes Live & Network gets a new home
- Zones help you configure your inventory and assets as needed
Cloud Identity Entitlements
Identity is an integral part of understanding who is acting or compromised when dealing with security threats. Quickly finding and mitigating an identity risk can save precious time, stopping an ongoing threat. We have now given Identity its own section (previously under Posture).
Posture and Vulnerabilities
Compliance, previously under Posture, is now under its own section.
Vulnerabilities & Risks remain relatively unchanged, with some minor changes such as Accepted Risks now living under its respective menu.
The following table lists the mapping between the old and new menus.
Old and New Menus
Old Menu | New Menu |
---|---|
Home | Home |
Risk | Risk |
Events | Threats |
Inventory | Inventory |
Vulnerabilities | Vulnerabilities |
Posture | Compliance |
Identity and Access | Identity |
n/a | Reporting |
Policies | Policies |
Insights | Threats > Activity |
Network | Inventory > Network |
Investigate | Activity Audit |
Old and New Submenus
The following table lists the mapping between the old and new submenus.
Main Menu | Old Submenu | New Submenu |
---|---|---|
Home | Home | Home |
Inventory | Inventory - Kubernetes Live | Kubernetes Live |
 | Inventory | Assets |
 | Network | Network |
 | | Zones |
Risk | Risk | Risk |
Threats | Events | |
 | Event Dashboards - Events Overview | Overview - All Threats |
 | Event Dashboards - Kubernetes Events | Overview - Kubernetes |
 | Events Dashboards - Cloud Events | Overview - Cloud |
 | Events Feed | Activity - Events Feed |
Threats > Activity | Insights - Cloud Activity | Activity - Cloud Activity |
 | Insights - Cloud User Activity | Activity - Cloud User Activity |
 | Insights - Kubernetes Activity | Activity - Kubernetes Activity |
 | Insights - Node & Pod Activity | Activity - Node & Pod Activity |
 | Insights - Host & Container Activity | Activity - Host & Container Activity |
Threats > Investigate | Investigate - Activity Audit | Investigate - Activity Audit |
 | Investigate - Captures | Investigate - Captures |
 | Investigate - Rapid Response | Respond - Start Rapid Response |
 | Investigate - Rapid Response Session Log | Respond - Rapid Response Session Log |
Vulnerabilities | Vulnerability Management Overview | Overviews - All Vulnerabilities |
 | Overview - Vulnerability Management Pipeline | Overviews - Pipeline |
 | Overview - Vulnerability Management Registry | Overviews - Registry |
 | | Overviews - Runtime |
 | Pipeline | Findings - Pipeline |
 | Registry | Findings - Registry |
 | Runtime | Findings - Runtime |
 | Reporting | Findings - Reporting |
 | Risk Acceptance - Vulnerabilities | Findings - Accept Findings |
 | Scanning | |
 | Configure | |
Compliance | New | Overview |
 | Compliance | Findings |
 | Risk Acceptance - Posture | Accepted Findings |
Identity | New | |
Reporting | New | |
Policies | Threat Detection - Runtime Policies | Threat Detection - Runtime Policies |
 | Threat Detection - Rules - Rules Library | Threat Detection - Rules - Rules Library |
 | Threat Detection - Rules - Falco List | Threat Detection - Rules - Falco List |
 | Threat Detection - Rules - Falco Macro | Threat Detection - Rules - Falco Macro |
 | Threat Detection - Rules - Rules Editor | Threat Detection - Rules - Rules Editor |
 | Threat Detection - Runtime Policy Tuning | Threat Detection - Runtime Policy Tuning |
 | Threat Detection - Image Profiles | Threat Detection - Image Profiles |
 | Vulnerabilities - Pipeline | Vulnerabilities - Pipeline |
 | Vulnerability - Runtime | Vulnerabilities - Runtime |
 | Vulnerability - Rule Bundles | Vulnerabilities - Rule Bundles |
 | Posture - Policies | Posture - Policies |
 | Posture - Controls | Posture - Controls |
Package Deny List
The new package deny rule lets you control which packages are allowed in your codebase. You can add a specific package or a specific version of a package in a comma-separated list to the rule bundle. By defining these rules, you can enforce stricter security measures and maintain tighter control over your software artifacts. For more information, see Package Deny List.
August 16, 2024
Running CLI Scanner IaC Mode as a Jenkins Step
Sysdig now supports the integration of the CLI Scanner IaC Mode directly within Jenkins pipelines. This feature allows you to incorporate the CLI scanner into your Jenkins workflows, enabling automated enforcement of Posture Policies during Kubernetes deployments. With this integration, you can block deployments that do not meet user-defined policies or trigger warnings.
For more information, see Jenkins Integration.
New Reporting Module
Sysdig has released a new module for creating, managing and sharing reports, to be used in place of the Vulnerabilities Reporting interface. The new Reporting module provides more historical data, trends over time, customizable dashboards, panels, and more flexibility for scheduling reports. Scheduling allows you to set the frequency along with the timeframes. You can now create reports of up to 30 days worth of data. You can easily configure, schedule, and share reports. For more details, see Reporting.
August 14, 2024
AWS GuardDuty Findings
You can now see AWS GuardDuty findings in Sysdig Secure, ingested through our Agentless Cloud Detection and Response (CDR) integration. Connect an AWS cloud account with GuardDuty enabled, and Sysdig will analyze GuardDuty findings with Threat Detection Rules, and present them in your Events feed. To create and configure GuardDuty policies, see AWS GuardDuty Policy.
Enhanced Cloud Identity Insights
Sysdig has released Cloud Identity Insights, enabling easy correlation of identity behavior with events, to detect and respond to potentially compromised users. These insights also help teams prevent similar attacks in the future. This enhancement includes the following capabilities:
- Automatic detection of potentially Compromised Users based on abnormal activity
- Ability for Incident Responders to manually confirm a Compromised User
- Remediation Suggestions and playbooks to Contain Compromise
- Risk Policies to target Riskiest Identities for Posture Hardening
- Least Permissive Policy Optimization that takes into account and excludes actions only taken by a malicious actor
August 12, 2024
New and Updated Posture Policies
Sysdig added several new Posture Policies as well as updates to existing ones, enhancing our security and compliance coverage. This release includes the following:
- BSI-Standard 200-1: Information Security Management v1.0
- CIS Kubernetes V1.25 Benchmark v1.7.1
- CIS Kubernetes V1.26 Benchmark v1.8.0
- CIS Kubernetes V1.27 Benchmark v1.9.0
- Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) Ver 4
- Digital Operational Resilience Act (DORA) - Regulation (EU) 2022/2554
- NIS2 Directive (Directive on measures for a high common level of cybersecurity across the Union) 2022/2555
- NIST Cybersecurity Framework (CSF) v2.0
- NIST Privacy Framework v1.0
- Sysdig Google Cloud Benchmark v1.0.0
These new policies help organizations align with the latest industry standards and regulatory frameworks, ensuring comprehensive security and compliance management.
Additionally, the following Posture Policies have been updated to newest versions:
- CIS Amazon Elastic Kubernetes Service (EKS) Benchmark: Updated from v1.2.0 to v1.4.0
- CIS Amazon Web Services Foundations Benchmark: Updated from v1.5.0 to v3.0.0
- CIS Red Hat OpenShift Container Platform Benchmark: Updated from v1.2.0 to v1.5.0
- Health Information Trust Common Security Framework (HITRUST CSF): Updated from v9.4.2 to v9.6.0
- ISO/IEC 27001:2022: Updated from v1 to v3
- MITRE ATT&CK for Enterprise: Updated from v10.1 to v13.1
These updates reflect the latest changes in industry standards, helping to maintain ongoing compliance and security.
For more information, see Posture Policies Included.
Host Scanner v0.11.0 Released
Sysdig released a new version of Host Scanner with the following improvements:
- Vulnerability detection of the Go runtime included in a binary, in addition to vulnerability detection of external modules.
- Fixed CVE-2024-41110
Registry Scanner v0.2.73 Released
Sysdig released a new version of Registry Scanner with the following improvements:
- Added support for Rocky Linux.
- Improved the detection of Java packages through better manifest parsing.
- Fixed CVE-2024-41110.
August 9, 2024
Detect Vulnerabilities in Go Runtime
The following agent components now offer enhanced capabilities to detect runtime vulnerabilities within the Go runtime.
- Host scanner v0.11.0
- CLI scanner v1.14.0
- Registry scanner v0.3.0
- Cluster shield v1.3.0
This improvement allows you to identify vulnerabilities in the Go runtime included within a binary, in addition to those related to external modules. As a result, some existing pipelines that previously passed might now fail due to the detection of new vulnerabilities introduced by the improved scanning process.
Registry Scanner v0.3.0 Released
Sysdig released a new version of Registry Scanner with the following improvements:
- Vulnerability detection of the Go runtime included in a binary, in addition to vulnerabilities related to external modules.
New Posture Policies for Bottlerocket, Rocky Linux, Ubuntu, and RHEL
Sysdig now supports Posture Policies for Bottlerocket, Rocky Linux 9, Ubuntu 20, Ubuntu 22, RHEL 8, and RHEL 9. These new policies are designed to help you maintain security compliance across a broader range of Linux distributions.
In addition, we have updated the Distribution Independent Linux Benchmark to support audits for these distributions.
For more information, see Posture Policies Included.
Sysdig CLI Scanner v1.14.0 Released
The new version of CLI Scanner addresses the following:
- Vulnerability detection of the Go runtime included in a binary, in addition to vulnerabilities related to external modules.
August 7, 2024
Infrastructure as Code (IaC) Support for CFT and ARM
Sysdig now supports ARM (Azure Resource Manager) and Cloud Formation Template (CFT) within our IaC capabilities. You can now onboard Git repositories containing CFT and ARM templates, which will be automatically scanned, integrated into the Inventory, and evaluated for compliance. For more information, see IaC Supportability Matrix.
August 6, 2024
Download Vulnerability Scanning Results in CSV Format
Vulnerability Reporting has been enhanced to include the ability to download reports in CSV format, addressing the need for easier data manipulation and sharing.
Previously, extracting and managing vulnerability data in CSV format required building a report from multiple images, manual copying, or using third-party tools, which could be time-consuming and prone to errors. With the new CSV download capability, you can now quickly and accurately export vulnerability data for analysis, reporting, or integration with other systems, thereby enhancing productivity and reducing the risk of data mishandling.
For more information, see Download Vulnerability Scanning Results in CSV Format.
Runtime Scanner v1.7.2 Released
Fixed CVE-2024-41110
August 5, 2024
New Azure Cloud Account Onboarding
Sysdig has improved the Azure Cloud Account Onboarding experience for Azure tenants and subscriptions. The new wizard features clearer instructions and simplifies upgrading accounts with new Sysdig features. If you have existing tenants and subscriptions and would like to benefit from this, contact your Sysdig representative.
For more information, see Azure.
Sysdig CLI Scanner v1.13.2 Released
Fixed CVE-2024-41110
Full Custom Controls for Cloud
Sysdig now offers the ability to create Custom Controls for CSPM via Terraform. You now can create controls from scratch by defining your own REGO code, remediation playbooks, and control severity.
For more information, see Create Custom Controls with Terraform.
August 2, 2024
Microsoft Deprecates Office 365 Connectors
Microsoft is deprecating Office 365 Connectors for Microsoft Teams notifications. According to the official deprecation notice, new connectors cannot be created after August 15, 2024, and existing ones will require a URL update to function after December 31, 2024. To avoid any interruption in notifications, see Migrate from Office 365 Connectors to Power Automate.
July 30, 2024
Sysdig CLI Scanner v1.13.1 Released
VM
- Fixed a defect where the CLI scanner communicated with the Sysdig backend despite being configured to operate in standalone mode
- Improved the detection of Java packages through better manifest parsing.
IAC
Fixed an issue causing a 500 error during Infrastructure as Code (IaC) CLI scans when processing large request payloads.
July 26, 2024
Accept Risk for Rules
Sysdig now offers its Risk Acceptance capabilities for Rules with customizable risk management scopes. This enhancement allows you to extend risk acceptance in both broad and granular ways, giving you greater control over your security policies. Previously, accepted risk was scoped only for a CVE, image, or host.
For more information, see Accept Risk
July 22, 2024
Leverage Artificial Intelligence for Okta Login Anomaly Detection
Sysdig extends its ML capabilities with the Okta Machine Learning (ML) policy. Use an Okta ML policy to detect anomalous Okta login events in connected Okta cloud accounts, and receive notifications when they occur. Our Machine Learning model helps you understand why an event is considered anomalous compared to the expected behavior. To learn more, see Okta ML.
Identify Network Exposure in Inventory
The newly added Network Exposure tab in Inventory reveals the exposure path for exposed resources. The feature supports Hosts, Workloads, and Storage resources such as AWS S3 and Azure Blob. See Use the Network Exposure Tab.
July 18, 2024
Sysdig CLI Scanner v1.13.0 Released
The new version of CLI Scanner addresses the following:
- Fixed a defect that caused `sysdig-cli-scanner` to report incorrect results for files deleted inside a JAR/WAR/EAR archive.
- Fixed a defect that caused `sysdig-cli-scanner` to emit redundant WARN log messages.
- Fixed a defect that caused `sysdig-cli-scanner` to generate incorrect CTAs. Recommendations are now correctly sorted by package name.
July 11, 2024
Layered Analysis
Sysdig extends its container image scanning toolkit with Layered Analysis, providing insight into the image hierarchy and letting you explore every layer. Layered Analysis offers:
- Improved Ownership and Remediation: Differentiate between base image and application layers to streamline routing and remediation. The security team can update base images to newer versions, while development teams handle vulnerabilities in the application layers.
- Enhanced Investigation and Research: Browse and analyze base images and each layer individually, and see the packages and vulnerabilities included in each image and layer. This helps you understand when and how vulnerabilities were introduced. See the exact Dockerfile command related to each vulnerable layer for a deeper understanding.
For information, see Layered Analysis.
CLI Scanner v1.12.0 Released
The new version of the CLI Scanner released with the following:
- Support for Layered Analysis
- JSON output now includes layered information for the container images
- Introduced new options: --separate-by-layer and --separate-by-image. See Install CLI Scanner for more information.
- Fixed CVE-2024-6104
July 10, 2024
Host Scanner v0.10.2 Released
- Fixed the defect that caused the host scanner to fail in sending the correct cloud metadata attributes to the backend.
- Fixed CVE-2024-24791
July 9, 2024
Resource Packages in Inventory
You can now use the new Packages in the Inventory module to keep track of vulnerabilities, maintain desired state configurations, and detect unauthorized changes. See Use the Package Tab.
July 01, 2024
Azure Risk Policy
Sysdig Risks module extends its capabilities to Microsoft Azure environments:
- Publicly Exposed VM with Critical Vulnerabilities: Detects if the Azure VM is publicly exposed and was found to be vulnerable to CVEs of Critical severity.
- Publicly Exposed Azure Storage Account Blob Service Container: Detects if an Azure Blob Container is publicly exposed.
For more information, see Risks.
June 25, 2024
Host Scanner v0.10.1 Released
- Fixed the following vulnerabilities:
June 24, 2024
Sysdig CLI Scanner v1.11.1 Released
The new version of CLI Scanner includes the fix for a defect that caused the CLI scanner to use an incorrect HTTP header when downloading the vulnerability database.
June 18, 2024
CIEM Support for Microsoft Azure
Sysdig extends its CIEM solution to support Microsoft Azure, providing you with seamless identity and access management across your cloud environments. With this integration, organizations can streamline identity governance, enforce access controls, and enhance security within their Azure infrastructure. For more information, see Optimize Azure User Entitlements.
Introducing CSAF-VEX as the Primary Data Source for Red Hat Vulnerabilities
Sysdig has transitioned from using Red Hat OVAL (Open Vulnerability and Assessment Language) as the primary data source for Red Hat vulnerabilities to the new CSAF-VEX (Common Security Advisory Framework Vulnerability Exploitability eXchange). This change is aimed at enhancing vulnerability matching accuracy, improving data quality, and streamlining Sysdig’s overall security processes. Here are the key changes introduced by CSAF-VEX:
Enhanced Data Accuracy and Quality: CSAF-VEX provides more precise and comprehensive vulnerability information. The structured format ensures that data is presented consistently, making it easier to interpret and act upon.
Improved Vulnerability Assessment: The transition to CSAF-VEX will enable more detailed vulnerability assessments, including specific exploitability information. This will allow for more informed decision-making regarding vulnerability prioritization and remediation.
Better Compatibility and Future-Proofing: CSAF-VEX is aligned with modern security standards and practices, ensuring better compatibility with other security frameworks and tools. This transition positions us to adapt more readily to future advancements in vulnerability management.
June 13, 2024
Sysdig CLI Scanner v1.11.0 Released
The new version of CLI Scanner addresses the following:
Fixed formatting in Infrastructure as Code (IaC) CLI scan report
Transitioned from OVAL to CSAF-VEX for Red Hat vulnerabilities
OVAL remains the primary datasource for Sysdig On-Prem installations ahead of version 6.13.
June 10, 2024
OCP Registry Support for Registry Scanner
Registry Scanner v0.2.69 and above supports scanning the OpenShift Container Platform Registry for vulnerabilities. For more information, see OpenShift Container Platform Registry.
New UI Themes
Sysdig introduces new themes for the Sysdig Secure UI, featuring new colors, shapes, typefaces, and artwork in both Light and Dark modes.
With the introduction of the new themes, you can experience a cleaner and more contemporary user interface, enhancing the data narrative. The refined lines of the new font and the minimalist color palette aim to provide additional space for the story Sysdig wants to convey with your data.
The older Light and Dark themes are automatically updated to the new ones, so no action is required on your part. The previous themes will remain accessible as Light - Legacy and Dark - Legacy for the next few months.
June 06, 2024
New Events Feed
A new version of the Events Feed is now Generally Available (GA). It includes:
- Events table: Instead of a list of events, the feed is structured as a columned table. More information is now directly surfaced in the Events feed.
- Interactive time chart: Spot anomalous volume in the new Events time chart. Click and drag over a timespan to view it in detail.
- Improved Events Detail panel: Use the Events Detail panel to dive deep into Events. Copy event details in various formats, such as Simple Text, JSON and CSV.
- Improved Filter: You can now use tags, and filter Events by Kubernetes, Cloud, and Host.
Agentless CDR is Now Generally Available
Agentless Cloud Detection and Response (CDR) is now generally available (GA) for all data sources:
June 05, 2024
AI Risk Policy
Sysdig Risks module extends its capabilities to detect workloads that contain malicious AI packages.
- AI Risk Detection: This Risk Policy identifies workloads that are exposed and, at a minimum, contain AI packages. It also considers optional findings that increase the risk, combining them into different risk combinations.
- AWS AI-Related Services Detection: Detects packages for AWS AI-related services, such as SageMaker and Bedrock. For a full list of detected packages, search for Contains AI Package Control on the UI.
For more information, see Risks.
Download Scan Results in PDF Format
Sysdig Vulnerability Management module extends its capabilities to allow you to download scan results in PDF format:
- Comprehensive Reports: Access all the scan details, including summaries and findings, in a single document.
- User-Friendly Format: The PDF is designed for clarity and ease of reading.
- One-Click Download: Easily download your scan report with a single click.
Use the Download PDF button found across the Overview, Vulnerabilities, Content, Policies, and Detail tabs to download the desired scan result.
May 29, 2024
Sysdig CLI Scanner v1.10.1 Released
The new version of CLI Scanner fixed CVE-2024-3727.
May 27, 2024
Package Type Condition in Vulnerability Rules
Sysdig introduced a new condition, Package Type, for the Vulnerabilities Severities and Threats rules. The Package Type condition distinguishes between Operating System (OS) and non-OS packages.
The Package Type condition requires:
- Sysdig CLI Scanner v1.10.0 or above
- Sysdig Host Scanner v0.10.0 or above
- Sysdig Cluster Scanner (any version) or Sysdig Runtime Scanner v1.7.0 or above
May 23, 2024
Sysdig CLI Scanner v1.10.0 Released
The new version of CLI Scanner addresses the following:
- Fixed an issue that could generate error 500 when scanning several paths
- Extended severities and threats rule to support package type predicates
- Fixed CVE-2024-32473
May 22, 2024
Runtime Scanner v1.7.0 Released
- Extended severities and threats rule to support package type predicates
Host Scanner v0.10.0 Released
- Extended severities and threats rule to support package type predicates
May 13, 2024
HostScanner v0.9.1 Released
Released HostScanner v0.9.1. Prometheus and health check servers are disabled by default in this version.
May 09, 2024
Runtime Scanner v1.6.12 Released
- Fixed a defect that caused the scanner to ignore the value of CONTAINERD_SOCKET_PATH when trying to connect to containerd.
- Updated dependencies to fix the following high severity vulnerabilities: CVE-2023-45288
May 02, 2024
HostScanner v0.9.0 Released
- Improved communication with the Sysdig backend by compressing the body of HTTP requests.
- Corrected a bug that could cause scan results to disappear for a short amount of time from the Runtime UI View.
- Updated dependencies to fix the following high severity vulnerabilities: CVE-2023-45288.
May 01, 2024
RBAC Permissions Available in Vulnerability Management
Administrators can now create RBAC roles and define which roles are permitted to access the Vulnerability Management, Policy, Reporting, and Risk Acceptance functions. For more information, see Custom Roles.
April 25, 2024
CIEM Support for Google Cloud Platform
Sysdig extends its CIEM solution to support Google Cloud Platform (GCP), providing you with seamless identity and access management across your cloud environments. With this integration, organizations can streamline identity governance, enforce access controls, and enhance security within their GCP infrastructure. Our goal is to empower businesses to confidently embrace GCP while maintaining the principle of Least Privilege and proper Identity Hygiene.
For more information, see Optimize GCP User Entitlements.
Agentless Vulnerability Scanning
AWS Agentless Host and Container Scanning is now Generally Available. For details, see AWS Scanning.
GCP and Azure Agentless Host and Container Scanning is released in Technical Preview. For details, see Agentless Scanning.
Notes:
- Resources are scanned once every 24 hours and discovery occurs every 15 minutes for new cloud hosts.
- Azure resources are rescanned and re-discovered every 24 hours.
April 24, 2024
Drift Control is Now Generally Available
Drift control is now generally available (GA) to all workload security customers. To implement Drift Control, create a Container Drift policy. See Container Drift Policy Prerequisites.
Support for Volume Mounts in Drift Control
With agent version 13.1.0, Container Drift policies can detect drift events on volume binaries. Previously, executables could be added or modified on volumes outside the monitored resource, making such drift difficult to detect. Now, when executables on a mounted volume are modified within a monitored resource, the change is treated as drift. See Detect | Volume Binaries.
In Agent version 13.1.1, it is enabled by default.
In v13.1.0, add the following configuration to the dragent.yaml file:
drift_deny_execution_from_volumes: true
Detect Threats in Microsoft Entra ID
Sysdig extends its Cloud Detection and Response (CDR) coverage to Microsoft Entra ID, supplementing Okta as an additional solution for Identity and Access Management (IAM).
Once you connect your Azure tenant, Sysdig will also connect to Entra, and monitor it with dedicated policies and rules, maintained by Sysdig Threat Research Team (TRT).
As with other sources powered by Falco, Sysdig supports customization for Entra ID threat detection.
April 22, 2024
Sysdig CLI Scanner v1.9.2 Released
The new version of CLI Scanner addresses the following:
- Fixed a defect to scan helm chart with kubeVersion set
- Fixed a defect that could make the sysdig-cli-scanner display a wrong pullstring when retrieving the image with the containers-storage loader
April 16, 2024
Inventory Vulnerabilities CVE Panel
When viewing resource vulnerabilities in Inventory, you can now select a CVE to open a detailed panel. Here, you can take action to create a Jira ticket, accept risk, and learn more about the CVE in question. See Use the Resource Vulnerabilities Tab.
April 09, 2024
Sysdig CLI Scanner v1.9.1 Released
The new version of CLI Scanner addresses the following:
- Fixed an issue that could cause the component to print “Failed to GetDriver graph overlay” error in the output
- Fixed the following vulnerabilities:
Report Runtime Container Information
Sysdig has extended reporting capabilities for runtime containers to include raw or bare containers that are not part of Kubernetes clusters, ensuring comprehensive visibility and management of vulnerabilities across your containerized environments.
The new Runtime Container entity type includes all the assets that are also available in the Runtime View with the filter asset.type = container.
For more information, see Runtime Containers.
April 04, 2024
Enhanced Vulnerability Scanning Tools
Sysdig has extended the vulnerability scanning capabilities by introducing the following:
- Instant Scans: Scan your images instantly with the Scan Now button.
- Registry Credential Management: Easily onboard your private registries by adding your registry credentials.
For more information, see Scan Now.
GCP and Azure Validation for Cloud Accounts
Sysdig has released automatic validation that covers the permissions, configurations, and resources essential for CSPM and CDR functionalities on both clouds, as well as CIEM for GCP. This check runs every 24 hours to ensure your GCP and Azure cloud accounts are connected and set up correctly.
For details, see Cloud Accounts | Validate Account Connection for GCP and Azure.
Enhanced Risk Findings
Sysdig has launched a Findings tab within the Risk feature. Select an affected resource from the Risk page to open the drawer where this new tab lives. It helps you understand all the resources involved in a specific Risk and their findings.
Sysdig also highlights the highest-impact findings and suggests fixes to reduce the most risk with the least effort.
For details, see Risks - Review Affected Resource.
March 27, 2024
Create and Edit Posture Controls
You can now create custom controls by duplicating a control and editing its parameters. Custom controls can be used in custom Posture policies and can be edited or deleted as needed. This feature is available for all teams with the permission Posture Controls: Edit. See Manage Posture Controls for details.
March 26, 2024
Added CIEM to the AWS Onboarding Wizard
Sysdig has launched an improved onboarding experience for CIEM when connecting AWS Cloud Accounts. Users can now enable CIEM as part of the wizard. Sysdig then guides them through the installation process step-by-step, ensuring a seamless and personalized experience.
For details, see Connect Cloud Account | AWS.
March 22, 2024
Host Scanner v0.8.0
Sysdig released Host Scanner v0.8.0 offering support for platform scanning and addressing the following issues:
- Fixed a memory leak that could happen when disabling platform scanning
- Fixed an issue that could potentially cause memory spikes
- Fixed an issue that could cause the host-scanner to detect the operating system incorrectly when running as a binary
March 19, 2024
CISA KEV
You can now check if a vulnerability, reported by pipeline, registry, or runtime scanning, is registered in the CISA KEV catalog and filter images by CISA KEV. This allows you to view details such as the date added and due date for CISA KEV vulnerabilities. Drill down into scan results to view the CISA KEV information associated with an image. For more information, see Key Vulnerability Management Terminology.
Platform-Based Scanning
Sysdig has extended the Vulnerability Management scanning capabilities to conduct platform scanning by default. The scanning tools analyze images and host filesystems to extract the Software Bill of Materials (SBOM) and send them to the Sysdig backend for evaluation. Vulnerability matching and policy evaluation now occur within the Sysdig platform rather than on the client side.
Platform-based scanning aims to optimize computing resources, conserve data transfer, improve response time by eliminating client-side evaluation of images, and enhance the robust tracking of images across the user environment. For more information, see Platform-Based Scanning.
Improved GCP Cloud Account Onboarding
Sysdig has launched an improved onboarding experience for GCP Cloud Accounts. Users can specify their installation preferences regarding desired features. Sysdig then guides them through the installation process step-by-step, ensuring a seamless and personalized experience.
In addition, Sysdig’s Agentless CDR now supports threat detection on GCP. By leveraging Falco and its constantly updated rules managed by the Sysdig Threat Research Team, as well as custom rules tailored to specific environments and security requirements, users can connect their GCP accounts effortlessly while benefiting from robust event processing.
For details, see Connect Cloud Accounts | GCP.
March 15, 2024
Global Service Accounts
Sysdig has extended the functionality of team-based service accounts with global service accounts. Unlike team-based service accounts, global service accounts can perform actions that require system level permissions. Admins can create a global service account through the API. See Global Service Accounts
March 11, 2024
Risks Module Released in Technical Preview
We are excited to release Risks in Technical Preview. The Risks feature correlates findings from CSPM, KSPM, cloud log ingestion, CIEM, Vulnerability Management, and Agent-Based Threat Detection. By combining the most critical security issues, we prioritize the biggest risks for security teams to focus on.
For details, see Risks.
Kill Process in Workload
In Threat Detection Policies, Workload and List Matching policies can now be configured to kill the event-triggering process. For details, see Workload.
Sysdig CLI Scanner v1.9.0 Released
Sysdig released the new version of CLI Scanner with the following enhancements:
General
- Fixed CVE-2024-24786
IaC
- Fixed an error that occurred during Terraform directory scanning
- Fixed a defect in the severity threshold flag
- Enhanced the CLI Scanner to return exit code 1 when violations exceed the threshold
VM
- Added support for Chainguard Wolfi
- Improved the CLI Scanner to avoid policy failure if the solution date is absent.
March 7, 2024
Improved Azure Cloud Account Onboarding
Sysdig has launched an improved onboarding experience for Azure Cloud Accounts. Users can specify their installation preferences regarding desired features. Sysdig then guides them through the installation process step-by-step, ensuring a seamless and personalized experience.
In addition, Sysdig’s Agentless CDR now supports threat detection on Azure. By leveraging Falco and its constantly updated rules managed by the Sysdig Threat Research Team, as well as custom rules tailored to specific environments and security requirements, users can connect their Azure accounts effortlessly while benefiting from robust event processing.
For details, see Connect Cloud Account | Azure.
March 5, 2024
Deactivate User Option
Sysdig has added the ability to configure a period of inactivity for a user, after which the user is deactivated. This helps large enterprises manage users automatically rather than manually deleting users from Sysdig.
This feature is deactivated by default. Currently, it can be enabled via API only.
For details, access the API documentation under User-Deactivation.
View Cloud Host Vulnerabilities in Inventory
Inventory now lets you search for vulnerable resources on your AWS and GCP cloud hosts (EC2 Instance, Compute Instance).
Furthermore, each cloud host’s resource-360 drawer includes vulnerability findings through a new tab.
You can also search on Package Name-Version.
Note that Azure VM Hosts are out of scope at this time.
See Inventory for details.
Inventory UI Updates
You can now search by Host Image ID for AWS EC2 Instance and GCP Compute Instance.
March 1, 2024
Monitor Objects in S3 Buckets
Agentless AWS Cloud Threat Detection (CDR) coverage is extended to monitor operations performed on objects stored in Simple Storage Service (S3) buckets through S3 notifications.
AWS CloudTrail integration now supports:
- ReadOnly management events (whose verb starts with Get/List/Describe)
- Coverage for S3 notifications to monitor S3 buckets and extend our AWS Agentless CDR coverage.
For details, see the AWS Agentless instructions to connect a cloud account.
February 29, 2024
Improved Overview Page in Identity and Access (CIEM)
We are excited to unveil the new and improved Overview Page for Sysdig’s Identity and Access (CIEM) feature. This version offers visual dashboards and a quick view into identity risks, enabling organizations to enhance their security posture with ease.
For details, see Identity and Access Overview.
February 28, 2024
Global Accept Risk on Posture Controls
Users can now accept risk on a Posture control for all failing resources, including future resources, and improve compliance results at scale while managing risk.
For details, see Accept Risk Globally on a Control.
February 22, 2024
AWS Validation for Cloud Accounts
Sysdig has released automatic validation that covers the permissions, configurations, and resources essential for CSPM, CDR, and Agentless Host Scanning functionalities. This check runs every 24 hours to ensure your AWS cloud accounts are connected and set up correctly.
For details, see Validate Account Connection for AWS.
Alerting for Vulnerability Policies
Sysdig has introduced notification channels to enable near real-time alerting for vulnerability policies. You can now extend any vulnerability policy with a notification channel, including Slack, Email, Teams, and Webhook.
WHAT?
- Ability to send and receive alerts from Sysdig in different scenarios
- Ability to include triggers for any vulnerability policy rule, including vulnerability detections and root user configuration
- The use of notification channels aligns with the other alerting functions in the Secure Platform
WHY?
- Provides insight into failing policies in regulated zones
- Triggers workflows in ticketing systems
- Alerts the operation teams through notification channels
- Provides action messages on critical events
For more information, see Vulnerability Policy Alerts.
February 14, 2024
Registry Scanner v0.2.67 Released
Sysdig released the new version of Registry Scanner, allowing you to run the registry scanner on the ARM architecture.
Legacy Inline Scanner v 2.4.28 Released
Added support for Docker version 25.
February 12, 2024
Host Scanner v0.7.5
Sysdig released Host Scanner v0.7.5, addressing an issue where special characters prevented the display of non-Kubernetes results in the UI. It also bumped dependencies to address the following security vulnerabilities:
- CVE-2024-21626
- CVE-2023-29491
- CVE-2023-48795
February 9, 2024
Runtime Resource Types
Sysdig has introduced the following new types of resources for AWS, bringing the total to 122 different supported runtime resource types:
- IAM Role Policy Attachment
- Lambda Function Alias
- Lambda Function URL Configuration
- Lambda Policy
- Lambda Provisioned Concurrency Config
Infrastructure as Code (IaC) and Runtime Resource Parity
AWS Parity Between IaC and Runtime Resource Types
The parity level of IaC resources for the AWS Terraform provider is now 85%, supporting 99 different resource types.
Microsoft Azure Parity Between IaC and Runtime Resource Types
The parity level of IaC resources for the Microsoft Azure Terraform provider is now 99%, supporting 57 different resource types.
Google Cloud Parity Between IaC and Runtime Resource Types
The parity level of IaC resources for the GCP Terraform provider is now 15%, supporting 32 different resource types across the following categories:
- Audit & Monitoring
- Compute
- Database
- Encryption & Secrets
- IAM
- Management
- Networking
- Storage
High Profile Controls
High Profile Controls for AWS
Sysdig has introduced a complete set of 24 high profile controls for the following categories:
- Audit & Monitoring: 6 controls
- Database: 18 controls
These controls affect the following AWS services:
- DynamoDB
- ElastiCache
- Simple Notification Service (SNS)
Personalized Controls
As part of the continuous endeavor to incorporate parameters into controls that are amenable to accepting them, 18 new controls have been personalized for the cloud. See the complete list of customizable controls.
February 7, 2024
Legacy Inline Scanner v 2.4.27 Released
Changes
- Updated anchore to 0.8.1-68 (February 2024)
Fixes
Vulnerability fixes for the following high-severity CVEs:
February 05, 2024
Registry Scanner v0.2.65 Released
Sysdig released the new version of Registry Scanner with the following fixes:
Fixed a pagination issue on Quay Registry.
Fixed the following vulnerabilities:
Use Registry Scanner v0.2.65 by updating helm charts to version 1.1.30.
CLI Scanner v1.8.3 Released
Sysdig released the new version of CLI scanner with the following:
Added CISA KEV data to JSON output to indicate if the given vulnerability is included in the CISA KEV. If it is reported in the CISA KEV catalog, the JSON output provides the following:
- publishDateByVendor: When the vulnerability was added to the catalog.
- cisakev.dueDate: The deadline by which organizations, particularly federal agencies, are mandated to apply necessary patches or mitigations to safeguard their systems from potential exploitation.
- cisakev.knownRansomwareCampaignUse: Indicates whether the CISA KEV is known to have been leveraged as part of a ransomware campaign.
Fixed the following vulnerabilities:
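A worked example of consuming the CISA KEV fields described above, added here as illustration and not Sysdig's own code. Only the cisakev field names come from the release notes; the surrounding layout of the JSON report (result -> packages -> vulns), the sample CVE ids and dates, and the "Known"/"Unknown" values for knownRansomwareCampaignUse are all assumptions constructed for the example. It pulls out KEV-listed vulnerabilities, flags those already past their CISA due date, and exposes a simple pass/fail gate a pipeline could use:

```python
"""Triage CISA KEV entries in a sysdig-cli-scanner JSON report.

Added example, not Sysdig code. The report layout used here
(result -> packages -> vulns) is an ASSUMPTION made for this example;
only the cisakev field names come from the release notes.
"""
import json
from datetime import date

# Constructed sample report: two packages, three vulnerabilities.
# CVE ids and dates are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "result": {
        "packages": [
            {
                "name": "openssl",
                "version": "1.1.1k",
                "vulns": [
                    {
                        "name": "CVE-0000-0001",
                        "severity": "Critical",
                        "cisakev": {
                            "publishDateByVendor": "2024-01-10",
                            "dueDate": "2024-01-31",
                            # "Known"/"Unknown" mirrors the CISA catalog; assumed here
                            "knownRansomwareCampaignUse": "Known",
                        },
                    },
                    {"name": "CVE-0000-0002", "severity": "Medium"},  # not in KEV
                ],
            },
            {
                "name": "log4j-core",
                "version": "2.14.1",
                "vulns": [
                    {
                        "name": "CVE-0000-0003",
                        "severity": "High",
                        "cisakev": {
                            "publishDateByVendor": "2024-02-01",
                            "dueDate": "2024-03-15",
                            "knownRansomwareCampaignUse": "Unknown",
                        },
                    }
                ],
            },
        ]
    }
})


def kev_findings(report_json, today):
    """Return KEV-listed vulnerabilities from a report, most urgent first.

    `today` is an ISO date string (YYYY-MM-DD). Each entry records the
    package, the CISA due date, whether that date has already passed, and
    whether CISA reports ransomware use. Vulnerabilities with no cisakev
    block are not in the catalog and are skipped.
    """
    today_d = date.fromisoformat(today)
    report = json.loads(report_json)
    findings = []
    for pkg in report.get("result", {}).get("packages", []):
        for vuln in pkg.get("vulns", []):
            kev = vuln.get("cisakev")
            if not kev:
                continue
            due = date.fromisoformat(kev["dueDate"])
            findings.append({
                "cve": vuln["name"],
                "package": f'{pkg["name"]}-{pkg["version"]}',
                "severity": vuln.get("severity", "Unknown"),
                "due_date": due.isoformat(),
                "overdue": due < today_d,
                "days_until_due": (due - today_d).days,
                "ransomware": kev.get("knownRansomwareCampaignUse") == "Known",
            })
    # Overdue first, then ransomware-linked, then by nearest due date.
    findings.sort(key=lambda f: (not f["overdue"], not f["ransomware"], f["due_date"]))
    return findings


def kev_gate(report_json, today):
    """Pipeline gate: True when any KEV entry is already past its due date."""
    return any(f["overdue"] for f in kev_findings(report_json, today))


if __name__ == "__main__":
    for f in kev_findings(SAMPLE_REPORT, "2024-02-20"):
        status = "OVERDUE" if f["overdue"] else f"{f['days_until_due']}d left"
        print(f'{f["cve"]:14} {f["package"]:20} due {f["due_date"]} {status}')
```

The gate deliberately keys on the CISA due date rather than on CVSS severity: a Medium-rated vulnerability that is in the KEV catalog and overdue is a more urgent remediation item than an unexploited Critical one, which is exactly the prioritization signal the new JSON fields make available.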
January 31, 2024
Container Actions and Captures added to More Policies
Sysdig agent supports the following new actions in Container Drift policies and Malware policies:
- The ability to create capture files
- The ability to Kill/Pause/Stop a container
Malware policies are currently in Controlled Availability. Contact Sysdig Support for access to the Malware feature.
These features require Sysdig Agent v12.20+.
January 24, 2024
Infrastructure as Code (IaC) and Runtime Resource Parity
AWS Parity Between IaC and Runtime Resource Types
The parity level of IaC resources for the AWS Terraform provider is now 84%, supporting 94 different resource types across the following categories:
- Audit & Monitoring
- Compute
- Database
- Encryption & Secrets
- IAM
- Managed Services
- Management
- Networking
- Security & Compliance
- Storage
Microsoft Azure Parity Between IaC and Runtime Resource Types
The parity level of IaC resources for the Microsoft Azure Terraform provider is now 97%, supporting 56 different resource types across the following categories:
- Audit & Monitoring
- Compute
- Database
- Encryption & Secrets
- IAM
- Management
- Networking
- Storage
High Profile Controls
High Profile Controls for AWS
Sysdig has introduced a complete set of 53 high profile controls for the following categories:
- Audit & Monitoring: 1 control
- Compute: 25 controls
- Managed Services: 5 controls
- Management: 2 controls
- Networking: 18 controls
- Security & Compliance: 2 controls
These controls affect the following AWS services:
- AWS Certificate Manager (ACM)
- API Gateway
- Autoscaling
- CloudFront
- Elastic Compute Cloud (EC2)
- Elastic Container Service (ECS)
- Elastic Beanstalk
- Lambda
- Simple Notification Service (SNS)
- Systems Manager (SSM)
- Web Application Firewall (WAF)
High profile controls for Microsoft Azure
Sysdig has introduced a complete set of 28 high profile controls for the following categories:
- Audit & Monitoring: 8 controls
- Compute: 9 controls
- Management: 11 controls
These controls affect the following Microsoft Azure services:
- AppService
- Defender
- Monitoring
Personalized Controls
As part of the ongoing effort to add parameters to the controls that can accept them, 23 controls have been personalized for cloud and Kubernetes. Please refer to the complete list of customizable controls.
Compliance Results Show Passing Count
The Compliance Results page now includes a column to display the number of controls that are passing for each resource.
See Compliance for details.
January 18, 2024
Data Types for Events Forwarding
Sysdig is happy to announce the General Availability for Activity Audit data type in Events Forwarding. Additionally, we have initiated the deprecation process for the following legacy data types:
- Legacy Runtime policy event format, replaced by the new format
- Legacy Compliance v1 events (Secure events compliance and Benchmark events), part of the Legacy compliance
- Legacy Vulnerability Scanner v1, part of the Legacy scanning engine
Effective immediately, the creation of new integrations using this format is no longer possible. The removal of these integrations will be finalized when the replacement features are available across all environments, with dedicated announcements to follow.
Host Scanner v0.7.4
Sysdig released Host Scanner v0.7.4, addressing a date handling issue that prevented non-Kubernetes results from appearing in the UI. The release also updated the DEBUG environment variable to be compatible with older versions. Log level values, such as INFO or TRACE, or boolean values where true enables the DEBUG level, are now accepted.
January 9, 2024
Filter for Updated Threat Detection Rules
We have added a new drop-down filter on the Rules Library page to easily review recent changes made to rules and exceptions.
See View Recent Changes to a Rule for details.
January 04, 2024
Introducing Infrastructure as Code (IaC) Scanning Integration to Sysdig CLI Scanner
Sysdig is thrilled to announce a major advancement to the sysdig-cli-scanner tool with the integration of Infrastructure as Code (IaC) scanning functionality. This release empowers users to seamlessly scan IaC resources for potential risks and compliance issues, enhancing the security posture of your development workflows. By using the familiar sysdig-cli-scanner interface, you can initiate IaC scans to identify potential risks and compliance issues early in the development lifecycle. The tool continues to support the basic functionality.
Key Features
- A comprehensive exit code system for easy interpretation of scan results
- Role-Based Access Control (RBAC) for precise control over permissions
- Cross-platform compatibility
- Ability to integrate into existing workflows, such as CI/CD pipelines
- Use of API Token for authentication, ensuring consistency with the VM CLI
- Simple command execution
See Run Sysdig CLI Scanner in IaC Mode for details.