SaaS: Sysdig Secure Release Notes
You may also want to review the update log for Falco rules used in the Policy Editor: Falco Rules Changelog.
Dates shown are for the initial release of a feature. The feature may not be be rolled out to all regions concurrently and availability of a feature in a particular region will depend on scheduling.
Supported Web Browsers: Sysdig supports, tests, and verifies the latest versions of Chrome and Firefox. Other browsers may also work, but are not tested in the same way.
June 7, 2023
Runtime Events Dashboards
Sysdig is excited to introduce the technical preview of the Runtime Events Dashboards in Sysdig Secure. The dashboards provide a summary view as well as trend view of all events in your infrastructure. They highlight security hotspots, while the filtering capabilities allow you to focus on a specific part of the infrastructure.
With this release, the following dashboards are available: Events Overview, Kubernetes Events, Cloud Events, and Host and Container Events.
NOTE: Only teams that are scoped to the entire infrastructure will see the dashboards.
June 5, 2023
Posture: Standalone Install Available for Linux and Docker Hosts
While Helm is the recommended installation method for Kubernetes clusters, if you want to scan a host that is not running Kubernetes, we also offer a stand-alone analyzer for compliance violations on Linux hosts.
OOTB Policy Content Updates
We are happy to announce the update of the following policies:
- CIS Google Cloud Platform Foundation Benchmark v2.0.0 (latest)
- CIS Microsoft Azure Benchmark v2.0.0 (latest)
- ISO/IEC 27001:2022 (latest)
- Lockheed Martin Cyber Kill Chain
Sysdig Secure Coverage Improvement for AWS
Sysdig Secure Posture control library has been expanded to improve its AWS resources coverage. The control library now includes new controls for the following resource types:
- Amazon Elastic Container Service (ECS)
- ECS Cluster
- ECS Service
- ECS Fargate Service
- ECS Fargate Task Definition
- Amazon Elastic Kubernetes Service (EKS)
- EKS Cluster
- EKS Fargate Profile
Sysdig Secure Coverage Improvement for GCP
Sysdig Secure has been expanded to improve its GCP resources coverage adding a total of 229 new resource types for the following services:
- AI and Machine Learning
- Cloud TPUs
- Dialogflow
- Document AI
- Speech-to-Text
- Vertex AI
- API Management
- API Gateway
- Cloud Healthcare API
- Compute
- Compute Engine
- Containers
- Artifact Registry
- Container Engine
- Container Registry
- Google Kubernetes Engine (GKE)
- Data Analytics
- BigQuery
- Cloud Composer
- Cloud Data Fusion
- Dataflow
- Dataplex
- Dataproc
- Pub/Sub
- Databases
- Cloud SQL
- Cloud Bigtable
- Cloud Spanner
- Database Migration Service
- Datastream
- Firestore
- Memorystore
- Hybrid and Multicloud
- Anthos
- Management Tools
- Deployment Manager
- Google Cloud Billing API
- Service Management API
- Media and Gaming
- Game Servers
- Transcoder API
- Networking
- Cloud Domains
- Cloud Intrusion Detection System (IDS)
- Google Cloud Virtual Network
- Network Connectivity
- Network Management
- Network Services
- Service Directory
- Operations
- Cloud Logging
- Security and Identity
- Assured Workloads
- BeyondCorp Enterprise
- Certificate Authority Service
- Cloud Data Loss Prevention
- Cloud Key Management Service (KMS)
- Cloud Resource Manager
- Secret Manager
- Serverless Computing
- App Engine
- Cloud Functions
- Cloud Run
- Workflows
- Storage
- Filestore
- Additional Google Products
- Eventarc
- Integration Connectors
- Managed Service for Microsoft Active Directory (Managed Microsoft AD)
- Organization Policy API
May 30, 2023
VM Registry Scanner 0.2.39 Supports .Net Packages and Centos OS
We are pleased to announce the release of our updated registry scanner 0.2.39 with chart 1.0.12 with the following features:
- Allowing internal ENV var to allow pageSize setup on the Artifactory client (v0.2.39)
- Registry scanning library bump, to add vulnerability management support for .Net packages and Centos OS (v0.2.38)
Please be aware that by incorporating this new source, you may discover previously unidentified vulnerabilities in assets that have already been scanned.
May 23, 2023
Vulnerability Management Landing Page for Trends
Sysdig is happy to announce the release of a Vulnerability Management Landing Page. This is designed to support users looking to see trends, priorities, and top action items on the vulnerability risks in their environment.
WHAT?
- Enable Vuln Managers easy identification of changes in vulneratility Risk Posture (trends), Most Pervasive vulnerabilities, Newest Released Vulns, and Infrastructure Segments with the most vulns
- Enable Program Managers easy insight into Policy posture on findings
- Enable Architects easy access to data regarding to the scan counts and adoption rates
WHY?
- Give a VM team an easy place to start to prioritize and manage Vulnerabilities at a program level.
Additional Notes:
- All widgets enable a workflow to take action or export data to the user’s native information security tool ecosystem
- Coming soon: addition of zones, native integration to ticketing, more sophisticated prioritization through Image Genealogy
May 16, 2023
Accepted Risks Management for Posture Added (Preview)
A dedicated Accepted Risk page has been added under the Policies UI in Sysdig Secure, with the following features:
- A new Posture Tab with the list of accepted Posture/Compliance violations (in addition to the Vulnerabilities accepted risks tab)
- Ability to search for risks that were accepted and to filter by various parameters
- Ability to review a specific acceptance, revoke or edit it
This feature is in Technical Preview status.
May 15, 2023
Sysdig Secure Coverage Improvement for AWS
Sysdig Secure Posture control library has been expanded to improve its AWS resources coverage. The control library now includes new controls for the following services:
- Account
- Amazon EC2 Auto Scaling
- AWS CloudFormation
- Amazon CloudFront
- AWS CodeBuild
- Amazon Elastic Container Service (ECS)
- Amazon Elastic Load Balancer (ELB)
- Amazon ElastiCache
- Amazon Elasticsearch Service
- AWS Identity and Access Management (IAM)
- AWS Key Management Service (KMS)
- AWS Lambda
- Amazon OpenSearch Service
- Amazon RDS
- Amazon Redshift
- AWS Secrets Manager
- Amazon Simple Notification Service (SNS)
May 11, 2023
Inventory Now Supports Git Integrations
IaC code resources, supported by our Git-integrated scanner, are now available in Sysdig Secure’s Inventory:
Easily differentiate your code from your deployed resources with our updated resource cards;
Search and filter for IaC resources using attributes like Resource Origin, Source Type, Location, Git Integration and Repository;
Access a 360-view of each code resource, which includes:
- resource metadata
- configuration details
- posture violations that can be remediated with automated workflows.
Query the Secure API to get a list of multiple IaC resources or retrieve a single one.
May 8, 2023
OOTB Policy Content Updates
We are happy to announce the update of the following policies:
- CIS Docker Benchmark v1.5.0 (latest)
- CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.2.0 (latest)
- CIS Google Kubernetes Engine (GKE) Benchmark v1.4.0 (latest)
- CIS Azure Kubernetes Service (AKS) Benchmark v1.3.0 (latest)
Registry Scanner 0.2.32 Update Available
Fixes
- Added support for http protocol registries
- Changed to honor maxRepositoriesPerRegistry on aws.org
In chart 1.0.5
May 3, 2023
Sysdig Secure Vulnerability Management Rules Improvement
We would like to inform you of an important update to Sysdig Secure’s default set of rules for vulnerability management Severe vulnerabilities with a Fix. We identified that the necessary condition “has a fix” was previously missing from one of these rules, which might have impacted the accuracy of identified policy violations. This issue has now been corrected.
Please note that as a result of this improvement, some vulnerabilities previously marked as policy violations may no longer be considered as such.
Groups Page added to CIEM
The Groups page provides numerous ways to sort, filter, and rank the detected group information to quickly remediate identity risks associated with the group’s users and policies.
Least Permissive Policy Suggestions for a group take into account all of the group’s attached user’s activity within the scope of all attached policies. Utilizing Sysdig’s Optimized Policy Suggestion can enable you to create one policy for the group that is Least Permissive.
Notification Formats Updated
The notification format for the Slack and MS Teams notification channels were simplified for ease of use. The notifications now contain just the rule, policy name and context information about where the event took place. When available, a Runbook Link and Action Taken are displayed.
The user can click the link to reach the event with full details in the Sysdig UI.
May 2, 2023
Threat Detection Policy and Rule Pages Show Update Badge
Badges are now displayed on the Runtime Policies and Rule Library pages to indicate that a rule has been added or updated in the past 7 days. This includes updates performed by Sysdig’s threat research team as well as customization added by users, e.g., when specifying exception values.
April 25, 2023
Cloud Account Compute Resource Shown in Subscription
The Subscription page now includes Compute Resource information to allow tracking of Enterprise Cloud Security usage.
April 21, 2023
VM Runtime Scanner v1.4.10, Host Scanner v0.3.9, CLI Scanner v1.3.8
We are pleased to announce the release of three updated versions of our scanning tools:
- VM Runtime Scanner v1.4.10
- Host Scanner v0.3.9
- CLI Scanner v1.3.8
Apart from the usual bug fixing and updates, the most significant improvement in this release is the expanded support for detecting and scanning .NET packages:
- While we previously could parse “packages.lock.json” files, we have now added the capability to parse ".deps.json" files.
- This enhancement will enable us to identify broader vulnerabilities within the .NET ecosystem.
Please be aware that by incorporating this new source, you may discover previously unidentified vulnerabilities in assets that have already been scanned.
April 19, 2023
Container Registry Scanning
Sysdig Secure is excited to announce the general availability of the Image Registry Scanning functionality as part of our Vulnerability Management suite.
This feature provides an added layer of security between the pipeline and runtime stages, allowing you to gain complete visibility into potential vulnerabilities before deploying to production.
Supported Vendors:
- AWS Elastic Container Registry (ECR) - Single Registry and Organizational
- JFrog Artifactory - SaaS and On-Premises
- Azure Container Registry (ACR) - Single Registry
- IBM Container Registry (ICR)
- Quay.io - SaaS
- Harbor
Once the container registry is instrumented and analyzed, you can generate registry reports to extract, forward, and post-process the vulnerability information.
Interested in trying it out live? Sysdig offers a hands-on training lab to launch directly from your web browser.
April 5, 2023
Cli-Scanner 1.3.7 Released
Fixes
Fixed a parsing error that caused RedHat modules to be incorrectly matched when scanned.
See Vulnerabilities|Pipeline for details on downloading and running the cli-scanner
.
March 23, 2023
Risk Scores Explanations Enhanced in CIEM
Understand a breakdown of your CIEM Risk Scores with Overview explanations.
Within the Posture tab, you’ll find different Identity and Access resources with Risk Scores. Select an entity from the list in the table and a drawer appears providing a detailed breakdown of the entity’s risk score, including the specific attributes and permissions that have contributed to it.
Learn more about how risk scores are calculated.
Support for CIS Critical Security Controls v8
The CIS Critical Security Controls (CIS Controls) are a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory, and policy frameworks. CIS Controls v8 (latest) has been enhanced to keep up with modern systems and software. Movement to cloud-based computing, virtualization, mobility, outsourcing, Work-from-Home, and changing attacker tactics prompted the update and supports an enterprises security as they move to both fully cloud and hybrid environments.
This policy, with 1,316 controls classified into 18 requirement groups, is now available as part of Sysdig’s posture offering.
Support for OWASP Kubernetes Top Ten
The OWASP Kubernetes Top Ten is aimed at helping security practitioners, system administrators, and software developers prioritize risks around the Kubernetes ecosystem. The Top Ten is a prioritized list of these risks. This policy, containing 344 controls classified into 10 requirements, is now available in Secure.
More information about this policy can be found in OWASP Kubernetes Top 10.
Updated CIS Amazon Web Services Foundations Benchmark to v1.5.0 (latest)
We are happy to announce the update of the existing CIS Amazon Web Services Foundations Benchmark policy to its latest version at the time (v1.5.0). This new version include a new resource type (EFS File System) for greater coverage, as well as new controls for the Amazon Elastic File System (EFS) and Amazon Relational Database Service (RDS) services. The total number of controls in this new update has raised up to 79.
March 22, 2023
Git Scope for Zones
We have extended the flexibility of Zones for Posture to also support Git integrations and IaC (Infrastructure as Code) scanning.
With the introduction of Git scope for zones, users can include the new Git scope types as part of the zone definition and configure the policies that apply for that zone.
Note: Git sources have a new user-defined name field. Existing Git sources will automatically get a name like “Source 1”, “Source 2”, etc.
For more information see the Zones and IaC Security documentation.
March 22, 2023
Helm Chart 1.5.80+ and Cli-Scanner 1.3.6 Released
Fixes
RELEASE suffix in Java packages leading to false negatives resolved
Specific Java packages containing a .RELEASE suffix were not correctly matched against their existing vulnerabilities, for example:
https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-web/1.2.2.RELEASE
was not correctly parsed and matched against the relevant vulnerabilities. This case is particularly common for spring-boot libraries.
This fix will remove false negatives, i.e. uncover real vulnerabilities that were present in those packages but not previously listed
This could lead to an increase in the number of vulnerabilities and policy violations.
Improvements
Display full path for jar-in-jar libraries
When a jar library is found inside another jar container, Sysdig will display the absolute and relative path inside the jar, using the colon as separator:
Before: /SpringHelloWorld-0.0.1.jar After: /SpringHelloWorld-0.0.1.jar:BOOT-INF/lib/spring-core-5.3.16.jar
See Vulnerabilities|Pipeline for details on downloading and running the cli-scanner
.
March 14, 2023
Legacy Inline Scanner v 2.4.21 Released
Change
- Updated anchore to 0.8.1-57 (March 2023)
- Support OCI manifest list: parse and scan images built with attestation storage
Fix
Vulns fixes for the following High severity CVEs:
- CVE-2022-41723
- CVE-2022-47629
- CVE-2023-24329
- CVE-2023-25577
March 9, 2023
Inventory Released as Tech Preview
We are happy to announce that Inventory is available to all customers as a new-top level menu item.
It provides several new capabilities:
Search and filter for resources based on a growing list of attributes such as
Labels
,Zones
, and Posture information (policy
,requirement
,control
,accepted risk
,control severity
);Access a 360-view of each resource, which includes its posture violations, metadata, and configuration details;
Review resources’ posture violations and remediate them by opening a Pull Request or manually applying a patch;
Query the Secure API to get a list of multiple resources or retrieve a single one.
(For API doc links for additional regions, or steps to access them from within the Sysdig Secure UI, see the Developer Tools overview.)
Note: Inventory is a SaaS-only feature of Sysdig Secure.
March 6, 2023
Cli-Scanner 1.3.4 Released
Sysdig has released version 1.3.4 version of the cli-scanner. s
March 8, 2023
KSPM policy for CIS Kubernetes V1.24 Benchmark released
A new Posture policy has been released following the CIS Kubernetes V1.24 Benchmark. This policy provides prescriptive guidance for stablishing a secure configuration posture for Kubernetes 1.24 and includes 13 new controls.
March 1, 2023
Improved Search of Posture Controls
Our ~1000 Posture Controls are now easier to find, by their Name, Description, Severity, Type and Target platform or distribution, anywhere you are looking for them:
- Filtering for controls in the Control library
- Filtering in the Policies library, including while editing your custom policy
We also added enhanced visibility of control targets by showing the supported platform and distributions on each control.
Support for OCP, IKS and MKE
We have added Posture support for new Kubernetes distributions:
Support for Red Hat OpenShift Container Platform 4 (OCP4):
- CIS Red Hat OpenShift Container Platform Benchmark policy.
Support for IBM Cloud Kubernetes Service (IKS):
- Sysdig IBM Cloud Kubernetes Service (IKS) Benchmark policy.
Support for Mirantis Kubernetes Engine (MKE):
- Sysdig Mirantis Kubernetes Engine (MKE) Benchmark policy.
February 28, 2023
New Page for Privacy Settings
A new page has been added in Administration|Settings to adjust Privacy settings for Sysdig Secure.
February 27, 2023
New Filter and Grouping for Threat Detection Policies
This release enhances the Threat Detection policies by showing the policies in a grouped manner and the ability to filter by policy type.
Additionally, badges on the list now alert when rules have been added or updated in managed policies.
February 17, 2023
Posture Now Supports Red Hat OpenShift Container Platform (OCP4)
Sysdig is pleased to announce the support for the OpenShift platform. The CIS Red Hat OpenShift Container Platform Benchmark policy is now available, with 181 controls (145 are exclusive to OpenShift), using a new Cluster resource type which is of paramount importance in OCP4 due to the nature of the platform.
February 16, 2023
View Insights Grouped by User
The Insights vizualization now permits viewing events grouped by user, greatly improving the ability to spot outliers. You can also see all events from a particular user in reverse chronological order. See the Insights documentation for details.
February 14, 2023
New Filter and Grouping for Rules Library
This release enhances the Threat Detection rules library by showing the rules in a grouped manner as well as adding the ability to view only custom rules.
February 2, 2023
VM Reports Now Include Risk Spotlight (In Use) and Accepted Risks
The Risk Spotlight feature (In Use) and the Accepted Risks are now available in the VM Reporting feature as both an additional metadata column and a configurable filter. Every matching vulnerability will have these two new additional columns, plus the matching true/false filters.
January 25, 2023
Cli-scanner 1.3.3 and Jenkins Plugin 2.2.7 Released
Sysdig has released version 1.3.3 version of the cli-scanner and 2.2.7 version of the Jenkins Plugin.
Scanner Fixes: Bug fixes, some of which were impacting policy evaluations.
Plugin Update:
- Updates to the scanner
- Adjustments to the string representation of some policy rules in the report section
- Several bug fixes, including one that caused the build to fail when it shouldn’t
Non-Containerized Install Available for Host Scanning
While Helm is the recommended installation method, if you want to scan a host without using containers at all, we also offer a standalone binary and an RPM package.
Liveness and Readiness Probes Added to Helm Chart
Starting from sysdig-deploy Helm chart version1.5.34
, we have added livenessProbe
and readinessProbe
which checks for vulnerability runtime scanner component health, in agreement with the Kubernetes monitoring and scheduling practice.
Be aware, this requires having a vuln-runtime-scanner
version >= v1.4.4"
January 2023
Inventory Released as Controlled Availability
Sysdig Secure now offers an Inventory, so you can gain visibility into resources across your cloud (GCP, Azure, and AWS) and Kubernetes environments.
- Search and filter for resources based on their metadata
- Get a high-level overview of resources’ compliance violations
- Access a 360-view of each resource, starting with its configuration details and facilitated by the unification of Sysdig’s data
- View and share resources’ configurations
January 19, 2023
Host Scanning Enhancements and General Availability
Vulnerability management for Hosts has received several upgrades and is now considered General Availability.
Newly supported Host OSes
- Alibaba Cloud Linux (a.k.a. Aliyun Linux)
- Google Container-Optimized OS (COS), build 89+
See all supported Host OSes.
Host Vulnerability Reporting
Now it is possible to create scheduled vulnerability reports targeting the Hosts which are scanned with the Sysdig product.
From the Reports function in Sysdig Secure, you can now select if you want to target the Runtime Workloads
or Runtime Host
.
Note that scope labels and report columns will follow the Host Scanning metadata, i.e. HostName
or Cloud Provider Region
.
January 17, 2023
CSPM Compliance GA Released
Sysdig is pleased to announce the GA release of the new CSPM Compliance module. Focus your compliance results on your most important environments and applications!
New features introduced:
- Compliance Page - a new compliance page is introduced - ordered by your zones!
- CSPM Zones Management
- A default Entire Infrastructure zone is created for each customer
- Create your own zone:
- Define scopes for the resources you want to evaluate
- Apply a policy to your zone to add it to the compliance page
- 40+ new Risk and Compliance Policies included
To get to know our path from detection to remediation, risk acceptance, zones management, installation and migration guidelines, please review the documentation.
Note that the new compliance module is not available for IBM Cloud and OnPrem users. They should continue taking advantage of Unified Compliance.
January 5, 2023
IaC Scanning now Supports Terraform AWS
Sysdig is releasing support for Terraform resources from the AWS Provider. If you have implemented Git IaC Scanning, then pull request checks will now scan AWS resources and report violations of the CIS AWS Foundations Benchmark.
The list of supported resource and source types is now:
- Kubernetes workloads in YAML manifests
- Kubernetes workloads in Kustomize
- Kubernetes workloads in Helm charts
- Kubernetes workloads in Terraform
- AWS cloud resources in Terraform
Other changes in the release include improved Kubernetes resources scanning in Terraform to support additional use cases.
For more information please check our IaC Security documentation
December 21, 2022
Additional Feeds for Golang Added to Vulnerability Management
Sysdig has added feeds to detect a wider range of Golang-related vulnerabilities. By extracting the packages declared in Golang binaries, we are surfacing vulns in the libraries used to build those binaries. In particular:
This added feature could translate to net-new vulnerabilities for assets that have been already analyzed.
December 20, 2022
Vulnerability Host Scanning for Google COS Added
Google COS support has been added to the (preview feature) Host Scanning.
Host Scanning is installed by default when deploying with the Helm chart sysdig-deploy version 1.5.0+
.
- Note that Google COS support requires
HostScanner
container version0.3.1+
.
The new directories added to the default set scanned include:
Generic binaries (such as docker/containerd and infra tooling)
/bin,/sbin,/usr/bin,/usr/sbin,/usr/share,/usr/local
Libraries (such as default python libs)
/usr/lib,/usr/lib64
GoogleCOS tooling directories
/var/lib/google,/var/lib/toolbox,/var/lib/cloud
December 15, 2022
Sysdig Agent Health Dashboards Enhanced
We are happy to announce that the Sysdig Agents page under Data Sources has been updated to enhance visibility into the health of Sysdig Agents. You can now:
- Filter Agents by their Health Status, version, and environment including Account ID, Cluster, and Node.
- View your Total Connected Agent Count over time
December 13, 2022
Platform Audit UI
We are happy to announce that the Sysdig Platform Audit now has a UI within the Sysdig application, in addition to the existing API.
With the UI you can:
Filter audit data based on multiple criteria for easier searching
Filter within a specific date range
View full details of a given audit event
December 1, 2022
Vulnerability Management for Hosts (Preview)
Sysdig is deploying all-new host scanning capabilities for vulnerability management. The hosts that support your workloads and containers are a critical part of your infrastructure security. They can even offer a more attractive target for attackers than containerized software, due to the lateral movement possibilities they offer.
Sysdig’s host scanning and integrated vulnerability management features unify runtime workloads and their associated hosts under a single streamlined interface and user flow. The provide visibility over the full infrastructure security posture.
Host Scanning is installed by default when deploying with the Helm chart sysdig-deploy version 1.5.0+
.
See the documentation for more about the supported Host OSes, CPU architectures, alternative installation methods, and how to use the feature.
November 30, 2022
JIRA Ticketing Integration
Sysdig is pleased to announce the release of the JIRA Ticketing feature. Users can now open JIRA tickets within the Secure UI and assign them to team members directly. The first iteration will allow customers to open tickets from Identity Recommendations from the Home page.
See how to set up this JIRA Ticketing Integration.
Vulnerability Management Accept Risk (Exceptions)
Sysdig’s Vulnerability Management policies already allow a user to configure thresholds to surface the most relevant data, e.g. Critical vulnerabilities with a Fix available. Still, complex organizations also require the ability to introduce exceptions (for false positives, preconditions that don’t apply, etc.).
“Accepting Risk” is now available as a Vulnerability Management feature in Sysdig Secure.
You can accept the risk of individual CVEs or entire hosts or container images, and can define specific contexts such as package types and expirations dates. The Sysdig UI highlights the risks that have been accepted and can filter for them.
This feature requires that you have deployed Sysdig with sysdig-deploy Helm chart version v1.5.0+ with vuln-runtime-scanner version 1.4.0+ and sysdig-cli scanner v1.3.0+.
See here to check your versions and upgrade if needed.
November 21, 2022
CSPM Compliance: Reporting & API Preview Released
Sysdig is pleased to announce the Preview release of CSPM Compliance Reporting and API.
This feature includes the ability to:
- Download CSV directly from the compliance results view
- Download CSV directly from the results view of a specific control
- Receive JSON of compliance results directly via API for:
- Compliance Overview
- Compliance Results
- Control Resource Lists
See also: Create and Download a Report and the CSPM API Documentation for Developers
Link Policies to Your Organization’s Runbooks
Sysdig Threat Detection policies now include the option to specify a Runbook link with each policy. If the policy triggers an event, the Runbook link will be displayed in the event details, as well as in the notification. This allows users to tie their security triage processes directly into Sysdig Secure.
See Manage Policies: Define the Basic Parameters and Secure Events: Detail Panel.
November 7, 2022
Usability Improvements for Secure Events
Link Events to Network Activity, Tuner, View Rule
To help security investigators distinguish false positives from real issues, it can be helpful to review the associated network activity. We are adding a link to Sysdig’s Network Typology visualization directly into relevant event details, under the Respond button.
Similarly, where applicable, the Runtime Policy Tuning feature will show up under the Respond button. The user can go through the flow to add exceptions and reduce false positives.
Finally, we’ve added the ability to view the rule definition from the event details panel. You can see the event details and the rule definition side-by-side.
See the documentation for details.
Rule Names Added to Event Notifications
The notifications for runtime events have been enhanced to include a rule name. For Email, Slack, and Microsoft Team, the rule name will be a link to the rule definition.
October 26, 2022
New Secure Event Forwarder Integration: Google Security Command Center
A new integration has been released for Sysdig Secure’s Event Forwarder functionality: Google SCC
October 24, 2022
New Home Page
Sysdig is pleased to announce the release of a new Home page! This feature is open for all customers. The Home page offers a clean, visual representation of the most important issues in your environment and a curated list of the top tasks required. The top half encompasses the Dashboards and includes:
- Visual charts highlighting areas of concern within your environments with ability to filter
- Drill down into relevant product area scoped for what was clicked on
- Full screen Dashboard capabilities
The bottom half encompasses the To Do Recommendations list and will:.
- Guide users to take the most impactful actions to reduce security risks in their environments
- Offer tailored recommendations with aggregated and prioritized tasks
The Getting Started page is being deprecated with this release; see Home and Data Sources for more detail.
September 20, 2022
Disable a Rule within a Policy
Starting today, customers can disable (and re-enable) individual rules within threat detection policies. This allows:
- Using a subset of rules within a managed policy or managed ruleset without giving up the ability to receive new rule updates.
- Temporarily disabling a noisy rule until the cause is investigated or an appropriate exception is put in place.
September 19, 2022
Actionable Compliance - Control Library Preview Released
Sysdig is pleased to announce the Preview release of CSPM Control Library in Actionable Compliance.
This is a technical preview release and the feature is open for all customers.This feature includes:
- Visibility of all available controls
- Filter for specific controls by control attributes
Read more about the feature here.
August 29, 2022
Actionable Compliance - Custom Policies Preview Released
Sysdig is pleased to announce the Preview release of CSPM Custom Policies in Actionable Compliance.
This is a technical preview release and the feature is open for all customers.
This feature includes:
- Clone an existing policy and edit its metadata
- Create, Edit & Delete a custom policy
- Create, Edit & Delete requirements in a custom policy
- Link & Unlink available controls to policy requirements
You can read more about the feature in Sysdig’s documentation.
Coming soon in Actionable Compliance:
- Control Library
- Creating your own custom control in a custom policy
August 17, 2022
New Permission for Changing Team Roles
Team management has been improved with the addition of the new permission, Team Membership Roles. This new permission will allow you to change the roles of team members separately while adding users to the teams.

For more information, see:
August 10, 2022
Machine Learning Policies
A new machine-learning-based detection capability is available in Sysdig Secure.
While we strongly believe in our Falco-based rule approach, and do not consider machine learning to be the best way to detect every threat, we understand that specific use cases such as Cryptominer detections require a different approach. This is the first detection capability available in our Machine Learning policies. Read more about how to configure them and how they work here.
Read more in our dedicated press release.
August 4, 2022
Agent Overview Page Released in Data Sources (Preview)
An Agents overview page in the Data Sources |Integrations interface has been made available in Technology Preview for all customers. This new page shows all of the Sysdig Agents that have reported into the Sysdig backend, and enables the user to quickly determine:
- Which agents are up-to-date, out of date, or approaching being out of date
- Which managed clusters have been detected in your cloud environment, but have not yet been instrumented with the Sysdig agent
The feature will remain in Technology Preview, as we add additional functionality and refine the workflows within the page.
See also: Data Sources | Sysdig Agents
Actionable Compliance - CSPM Policies Preview Released
Sysdig is pleased to announce the Preview release of CSPM Policies in Actionable Compliance. This is a technical preview release, and the feature is open for all customers.
This feature includes:
- See what is being evaluated by the Actionable Compliance feature in the context of compliance standards (CIS, NIST, etc.)
- Review the policy structure and the controls connected to it
- Enable/disable controls
- Filter controls by enablement status, violation severity, name, and control type
The features are under development and will soon include the ability to create custom CSPM policies as well.
Read more in CSMP Policies (Preview).
July 28, 2022
Managed Threat Detection Policies
Starting today all existing customers will see all existing policies labeld as Custom Policies
and with a list of disabled Managed Policies
. The existing custom policies work exactly as they have always worked, and do not require any action from the user to make changes. However to get the power of the Sysdig Threat Research team, we recommending moving over to the new managed policies. You can read more about the different types of managed policies here.
July 21, 2022
Actionable Compliance - Accept Risk Preview Released
Sysdig is pleased to announce the Preview release of Risk Acceptance in Actionable Compliance, This is a technical preview release, and the feature is open for all customers. This feature includes:
Improving compliance score by Accepting a risk on a failing resource in a control
Registering an Acceptance reason and expiration date
Editing and revoking acceptance
Compliance views - summary of accepted risks
Violation results mini-inventory - filtering by Accepted resources
You can read more about the feature in the documentation.
June 23, 2022
New Secure Event Forwarder Integrations: Elasticsearch & Microsoft Sentinel
Two new integrations have been released for Sysdig Secure’s Event Forwarder functionality:
June 2, 2022
Actionable Compliance Preview Released
Sysdig is pleased to announce the first Preview release of Actionable Compliance, the next phase of the Sysdig Secure compliance offering and the first capability to support KSPM, and in the future also CSPM. This is a technical preview release, and the feature is open for all customers.This feature includes:
- Compliance views - a redesigned summary view for each built-in policy
- Violation results - the first-ever mini-inventory to show violated resources with filtering capabilities
- Actionable Remediation - automatically open a Pull Request to remediate a resource violation in its git stored source file (Infrastructure as Code)
Technical highlights:
Inventory based collection - a paradigm shift in how we collect CSPM data - bring it raw!
New agent collector - gathers all Kubernetes objects (workloads, subjects, roles, etc.) from the customer for Inventory future use
New node-analyzer container - collects the node’s Kubernetes, Linux & docker configurations
8 new micro-services
OPA based policies - built-in policies (previously benchmarks) with OPA controls (previously rules) for Kubernetes, docker & Linux
You can read more about the feature in Sysdig’s documentation
May 23, 2022
Custom Roles
A custom role is an admin-defined role that allows Sysdig administrators to bundle a set of permissions and assign those permissions to individual users or teams. Custom roles allow for finer-grained definition beyond the standard out-of-the-box Sysdig Roles. Once defined, a custom role can be assigned to any user inside a particular team, and also be configured as the default role for new users in that team. For more information, see Custom Roles.
The addition of custom roles into the platform is transparent, meaning that standard roles and assignments that already exist will not experience any changes.
May 19, 2022
Menu Option to Display New and/or Old Scanning Interfaces
To facilitate a smooth transition from the Legacy Scanning Engine to the new Sysdig Secure Vulnerability Management, the Settings Menu now provides options for displaying the UI for the new, legacy, or both scanning engines.
Safe and transparent: This is a non-intrusive change; regardless of how you have the current New Vulnerabilities engine
toggle set, the Sysdig Secure navigation menu will not be modified without explicit user intervention. And the toggles will only alter the user interface and not impact the function or running of the engine itself.
To enable/disable: See Which Scanning Engine to Use
If both are enabled: The two sets of features are clearly distinguished in the Navigation menu.
May 18, 2022
Policy Advisor Deprecation Notice
Sysdig Policy Advisor will be removed from all Sysdig accounts on June 17, 2022.
Policy Advisor was built during a time when PodSecurityPolicies (PSPs) were the only way to add Security Policies to a Kubernetes workload. PSPs have now been deprecated in Kubernetes 1.21, released more than a year ago.
May 17, 2022
Runtime Scanner 1.0.3 Released
- Optimized requests performed on the Kubernetes API
See also: Vulnerabilities | Runtime
May 4, 2022
Sysdig Platform Audit
We are glad to announce that Sysdig Platform now supports the capability of tracking, logging and reporting on all changes in the system.
- Track all activities on the API level
- Retention period: 90 days
- Simple API for retrieving audit information (no UI)
- Events Forwarding support to be included in the near future (to be announced)
- Enabled by default for all SaaS customers
See also: Sysdig Platform Audit
Sysdig Platform Login Banner
We would like to announce that Sysdig Monitor and Secure now allow you to define a Login Message that will be presented to all users. Added to boost Sysdig compliance/enterprise readiness, requested originally by the IRS.
- Users are not allowed to access the system until they acknowledge the message
- One login banner per customer
- Only Admin users can enable/update the message
- Single banner for both Monitor and Secure (for Platform customers)
- Available on SaaS for all customers
See also: Configure Login Message
May 3, 2022
Insights Feature GA
This release marks the general availability (GA) of the Secure Insights feature. Some of the changes introduced include:
- Better support for Azure events
- AWS IAM permission integration
- Bug fixes for policy tuner flow
- Limit for displaying events in a time range removed
May 2, 2022
DriftControl Policies: Detect and Prevent Drift in Container Runtime
Sysdig agent can now detect when a new executable was added to a container after a container has started up. The agent collects when a file was downloaded and made executable. When using prevention
mode, the agent can also deny the process from ever running. A policy can also be used to define binaries that should be denied/excluded from being denied if they have been added after the container has started.
See also: Drift Policy
April 28, 2022
Component Security Fixes
The following Sysdig Secure components were updated with the latest security patches (April 2022):
quay.io/sysdig/secure-inline-scan version
2.4.10
(legacy scanner)quay.io/sysdig/host-analyzer version
0.1.7
quay.io/sysdig/node-image-analyzer version
0.1.17
April 20, 2022
New Vulnerability Management Engine
Sysdig is pleased to announce the New Vulnerability Management engine, a major upgrade to the vulnerability and image scanning functionality for the Sysdig Secure product.
Major Highlights
Scanning times have been drastically reduced: 8x faster on average!
Additional data for vulnerabilities and remediation
- CVSS scores and metrics: Network Attack Vector, Privileges required, etc.
- Flagging of publicly available code Exploits
- Suggested package fix version
Risk spotlight Focus on the vulnerabilities that Sysdig detects in active packages at runtime.
- This is a new filter that only shows CVEs with active packages, to save time browsing infrastructure and to help focus on high-impact CVEs
New Vulnerability Reporting module
- Up to 14 days retention of individual reports
- “Generate now” immediate scheduling directly available from the UI
Flexible policies that can be attached to the different runtime and security contexts
How to Move to the New Scanning Engine
The new vulnerability management engine uses a different data storage, API, host components, and user interfaces than the legacy scanning.
- Contact your Sysdig representative; she/he will guide you through the process of migrating your subscription and vulnerability management configuration to the new engine.
- Full documentation available here.
March 8, 2022
Scanning Component Updates
The following components have been upgraded to the listed versions with bug fixes and security updates:
- node-image-analyzer:0.1.16
- secure-inline-scan:2.4.9
- host-analyzer:0.1.6
The latest Helm chart includes these versions for Node Image Analyzer and Host Analyzer. Follow the usual process to upgrade the inline scanner.
March 3, 2022
New CIEM Features
User Risk Labels
Risk Labels are now surfaced to highlight insecure attributes for specific Users and Roles. They are listed within the Users & Roles page and within the User Details tab of a specific user.
Trend Charts in Overview
Time charts are now available within the Overview tab of Identity and Access. These help to visualize your Permission trends over time for Users, Policies, and Resources.
CSV Report Export
All of the pages within Identity and Access can now be exported as a CSV file. Select the Download CSV button found at the top right corner of all pages.
Effective Permission Calculation
AWS supports different types of policies to limit permissions on different scopes. Sysdig has added support for calculating effective permissions based on permission boundaries and organization level service control policy (SCP). This gives additional context when viewing permissions set on identities. For example, an identity that has been given administrator level identity policy will be limited in overall permissions if there is a permission boundary policy attached to it.
CIEM Data in Insights
Within the Cloud Activity and User Activity views in Insights, there is now an Identity and Access tab. This will help investigative flows to understand the context from an IAM perspective.
March 1, 2022
New: Data Sources Instrumentation
On the Data Sources > Managed Kubernetes
page: For unconnected clusters, Sysdig has added quick instrumentation instructions using the known details about the cluster, such as the cloud account, region, and cluster name.
February 28, 2022
New: Data Sources Features
Cluster Status
The Datasources page now tracks all Managed Kubernetes Clusters, and if they have been connected or not connected. This can help determine if a sysdig agent is no longer reporting to the Sysdig backend should it go down for any reason, such as not having enough resources to install. Each node will also report on the agent version installed at that time.
Instrumentation Instructions
Sysdig has added quick instrumentation instruction to a Managed Kubernetes Cluster using the known details about the Kubernetes Cluster, such as the cloud account, region, and cluster name.
February 10, 2022
Improved Usability with New Navigation
Sysdig’s new navigation improves the usability of the left-hand navigation for faster and easier navigation of where you’re trying to go.
Check out a video walk-through of the new feature!
Improved Menu Handling
Hoverable Sub-Menu: With each module that has additional menu options, hover over the respective module to quickly navigate.
Collapsible Main Menu: Save space with the collapsible left-hand navigation.
New Menu Option: Integrations
A dedicated Integrations menu option provides an easy way to access both inbound and outbound integrations.
Inbound:
- Access the Cloud Accounts page to quickly understand which applications and services are running, and where the Sysdig agent is installed.
- Access Managed Kubernetes to get a catalog for all the managed Kubernetes clusters in your environment. The status shown is
connected/unconnected
based on whether the agent is installed or not. - 3rd Party: Manage your Git Integrations
Outbound: Manage your Event Forwarding, Notification Channels, and S3 Capture Storage
3rd Party: Manage your Git Integrations
Revamped User Menu
Now all the settings options are collected and exposed in one mega menu. Find the right page before navigating away from where you are.
February 2, 2022
Enhanced Unified Filter for Event Feed
The Sysdig Secure Event Feed is getting a new unified filtering experience, available now for SaaS accounts.
Easily toggle from the original to the cleaner, simpler enhanced version, where you will find:
- Unified scopes, free text and any other filterable/searchable attributes on a single lean bar
- Autocomplete on keys and values
- Autocomplete/suggest operands
- One-click quick filtering directly from the list of displayed elements
- Saved filters in various formats– no more retyping common filter expressions
- Favorite filters, stored per user and feature
- Default filters, per user and feature
- Recent filters, per user and feature
See also: Secure Events
January 26, 2022
Unified Compliance Reporting
We are pleased to announce a rework of our Compliance and Benchmarking capabilities. This change brings a number of improvements:
- Compliance and Benchmark tasks are now scheduled, managed, and generate reports in an updated and unified interface, including simpler pathways to remediation and easier-to-navigate reports.
- The logic used to check individual controls now checks for events signalling control failures, as well as ensuring the correct Runtime rules are configured to detect these events. This leads to a more comprehensive audit that captures activity as well as configuration.
- New compliance standards and platforms: added
- For workload, AWS, GCP, and Azure:
- NIST 800-82 Rev2
- For workload and AWS:
- Fedramp (workload and AWS only)
- HITRUST CSF 9.4.2 (workload and AWS only)
- For GCP and Azure
- GDPR
- HIPAA
- ISO 27001:2003
- NIST 800-53 Rev4
- NIST 800-53 Rev5
- NIST 800-171
- NIST 800-190
- PCI / DSS v3.2.1
- SOC 2
- For workload, AWS, GCP, and Azure:
Prerequisites
Agent version >=
12.0.4
If necessary, install or upgrade your agent to the appropriate version.
Node analyzer installed
NOTE: If you are upgrading from an earlier version of Sysdig Secure, your existing compliance and benchmark records will be migrated to the new version and retained on the same schedule as before.
See also: Compliance
New Feature: Review Applied Kubernetes Network Policies
Sysdig Secure has added the ability to view the KNPs that have been applied directly from the Network Security Policy UI.
You can:
Review the relevant policies applied to the pod-to-pod communication for the current view
Click
View Policy
to see the rawyaml
output of the network policy applied to that workload.
See also: Netsec Policy Generation
January 2, 2022
Welcome Infrastructure-as-Code!
Infrastructure-as-Code (IaC) is an important part of today’s cloud-native infrastructure. We at Sysdig know that the earlier you identify possible posture issues, the better off you are.
The new feature allows you to integrate Kubernetes IaC checks into your Git pipeline. With just a few clicks, the standard compliance checks will be integrated into the Pull Request (PR) flow and alert developers when they create violations of the policy before they merge.
Supportability & Requirements
The new capability will use either an application or a webhook in your respective git provider.
- Github - Github Application
- Gitlab - Webhook
- Azure DevOps - Webhook
- Bitbucket - Webhook
For each provider you can define the repos and folders to protect, as well as branches on which to perform the evaluation.
See also: Git IaC Scanning
2021 Archive
2021 Archive of Sysdig Secure (SaaS) released features.
2020 Archive
2020 Archive of Sysdig Secure (SaaS) release notes.
2019 Archive
2019 Archive of Sysdig Secure (SaaS) release notes.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.