Sysdig On-Premises Release Notes
- Supported Web Browsers: Sysdig supports, tests, and verifies the latest versions of Chrome and Firefox. Other browsers may also work but are not tested with the same rigour.
- Falco Rules: You may also want to review the update log for Falco Rules used in the Sysdig Secure Policy Editor.
6.14.0 Release, September 2024
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.
Sysdig Secure
Accept Risk for Rules
Sysdig now offers its Risk Acceptance capabilities for Rules with customizable risk management scopes. This enhancement allows you to extend risk acceptance in both broad and granular ways, giving you greater control over your security policies. Previously, accepted risk was scoped only for a CVE, image, or host.
For more information, see Accept Risk.
Download Vulnerability Scanning Results in CSV Format
You can now download vulnerability reports in CSV format. This enhancement allows you to quickly and accurately export vulnerability data for analysis, reporting, or integration with other systems, thereby enhancing productivity and reducing the risk of data mishandling.
For more information, see Download Vulnerability Scanning Results in CSV Format.
6.13.0 Release, July 2024
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.
Sysdig Platform
Notify Expiration of Team-Based Service Token
You will now receive alert notifications when a team-based service token is about to expire.
Optimized Sysdig Installer
The Installer has been optimized to improve the installation time by 20%.
Public API Support
Sysdig Public APIs for Sysdig Monitor, Sysdig Secure, and Sysdig Platform are now supported in on-prem environments. Contact Sysdig Support for details.
Sysdig Secure
Layered Analysis
Sysdig extends its container image scanning toolkit with Layered Analysis, which provides insight into the image hierarchy and lets you explore every layer. Layered analysis offers:
- Improved Ownership and Remediation: Differentiate between base image and application layers to streamline routing and remediation. The security team can update base images to newer versions, while development teams handle vulnerabilities in the application layers.
- Enhanced Investigation and Research: Browse and analyze base images and each layer individually, and see the packages and vulnerabilities included in each image and layer. This helps you understand when and how vulnerabilities were introduced. See the exact Dockerfile command related to each vulnerability layer for a deeper understanding.
For information, see Layered Analysis.
CSAF-VEX as the Primary Data Source for Red Hat Vulnerabilities
Sysdig has transitioned from using Red Hat OVAL (Open Vulnerability and Assessment Language) as the primary data source for Red Hat vulnerabilities to the new CSAF-VEX (Common Security Advisory Framework Vulnerability Exploitability eXchange). This change is aimed at enhancing the vulnerability matching accuracy, improving data quality, and streamlining Sysdig’s overall security processes. Here are the key changes introduced by CSAF-VEX:
- Enhanced Data Accuracy and Quality: CSAF-VEX provides more precise and comprehensive vulnerability information. The structured format ensures that data is presented consistently, making it easier to interpret and act upon.
- Improved Vulnerability Assessment: The transition to CSAF-VEX will enable more detailed vulnerability assessments, including specific exploitability information. This will allow for more informed decision-making regarding vulnerability prioritization and remediation.
- Better Compatibility and Future-Proofing: CSAF-VEX is aligned with modern security standards and practices, ensuring better compatibility with other security frameworks and tools. This transition positions us to adapt more readily to future advancements in vulnerability management.
Support for Rocky Linux
The new Vulnerability Management engine supports Rocky Linux versions 8 and 9.
Defect Fixes
- Fixed the issue where Secure API documentation does not load as expected.
- Cluster Scanner retrieves the label owner from scanned clusters as expected.
6.12.0 Release, June 2024
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.
Upgraded to OpenSearch v2
For fresh installations and upgrades to version v6.12.0, OpenSearch v2 is included. If you are currently using on-prem version 5.x and plan to upgrade to v6.12.0, ensure that you have first migrated your environment to OpenSearch v1 by upgrading to any on-prem 6.x before proceeding with the upgrade to version v6.12.0.
Sysdig Secure
Download Scan Results in PDF Format
You can now download scan results in PDF format showing the top 100 packages and vulnerabilities. For more information, see Download Scan Results.
Manual Scanning of Registry Images
You can use the Scan Now UI to manually scan the registry images. The results are displayed on the Registry page on the Sysdig Secure UI.
Display Container Information in Runtime Scan Results
Runtime Scan results will now include the following container information, in addition to the existing metadata:
- Container.name
- Container.ID
- container.runtime.type
You can also use them while scoping the scan results.
API Docs in Airgap Environments
API documentation for Sysdig Secure is now supported in Airgap Environments.
Defect Fixes
- Fixed the issue in Sysdig Secure where the total agent count is not shown in the Agents Dashboard.
- Fixed the issue where the Cluster name is not auto-populated when creating a Vulnerability report for runtime workloads.
- Fixed the issue in Installer where proxy settings were not honoured.
To help remove the proxy settings, a new CLI option, --disable-proxy, has been added to the installer. Use this option when you want to remove an existing proxy. To remove the existing proxy setting:
- Remove the relevant entries from the values.yaml file.
- Use the --disable-proxy option when running the installer commands, such as generate, diff, and deploy.
6.11.0 Release, April 2024
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.
Sysdig Secure
New VM Risk Acceptance Public API
Formerly accessible solely through the UI, the Risk Acceptance feature has now been exposed via a robust Public API, granting you unparalleled control over risk acceptance. The Risk Acceptance API adheres to rigorous standards, ensuring seamless integration and alignment with industry best practices. For more information, contact Support.
RBAC Permissions Available in Vulnerability Management
Administrators can now define which roles are permitted to access the Vulnerability Management, Policy, Reporting and Risk Acceptance functions. For more information, see Custom Roles.
Defect Fixes
Fixed the issue in Installer where helm charts were not specifying node affinity, causing workloads to not be scheduled correctly.
6.10.0 Release, April 2024
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.
Sysdig Platform
Enhanced Team Settings
Enterprise accounts with a large number of users within a single Team can now efficiently manage their users by using the enhanced Team Settings interface. The Teams interface, including the List and Team Edit pages, has been upgraded to provide a more streamlined Team and User management experience. For more information, see Manage Teams, Roles, and Service Accounts.
Upgrade sysdig-mini-ubi to v1.3.15
The Installer has been updated with the base image v1.3.15.
Prevent Malware Communication to Agent from Collector
Due to a race condition defect in processing malware messages in agent versions below v13.0.0, malware-related communication from the collector to the agent is prevented, even if the agent requests it.
Sysdig Secure
Vulnerability Feeds in Airgap Environments
When updating the sysdigcloud-scanningv2-airgap-vuln-feeds deployment with a new image tag, the old replicas will remain available until the new one is fully operational. This feature is beneficial in cases where pulling a new image from a registry fails.
Previously, only one replica was active, and the pod would terminate first before the new one was created. This process could lead to backend failures if the image retrieval failed during this transition.
Defect Fixes
- Fixed the issue where RKE2 clusters were missing most ingresses, resulting in the cluster failing to access different endpoints and returning a 404 error on request.
- Fixed an issue where Sysdig app status was visible in on-prem installations.
- Fixed an issue where installation was failing on Openshift due to insufficient wait time for sysdigcloud-postgres-operator.
6.4.6 Hotfix Release, April 2024
This hotfix addresses the issue of the Secure login page not being displayed after restarting the sysdigcloud-api pod.
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the On-Premises Install Documentation. This repository includes the on-premises Installation documentation.
6.9.1 Hotfix Release, March 2024
This hotfix addresses the following:
- Update the rules validator for the policies backend service to allow users to upgrade their default rules to the latest available ruleset.
- The error during the upgrade process, caused by a missing import code for pvStorageSize.cassandra, has been fixed.
- The issue where the installer incorrectly added a \n (line feed) to the context when current-context is used but the context is not specified in the values.yaml or on the installer command line has been resolved.
- Cassandra failure during the Zookeeper upgrade process in the installer when override fields are used. To fix the issue, remove the customOverride field:

      cassandra:
        jvmOptions: -Xms6G -Xmx8G
        # customOverrides: |
        #   compaction_throughput_mb_per_sec: 300

Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.
6.7.1 Hotfix Release, March 2024
This hotfix addresses an issue encountered during the zookeeper upgrade process in the installer, providing improved upgrade efficiency and speed.
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.
6.4.5 Hotfix Release, March 2024
This hotfix fixes an issue with the slowness in the Secure UI.
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.
6.9.0 Release, February 2024
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.
Backup and Restore PostgreSQL
Sysdig provides support to back up and restore the configuration data stored in high availability PostgreSQL clusters. See Backup and Restore High Availability PostgreSQL Clusters.
Upgraded to Cassandra v4
For fresh installations and upgrades to v6.9.0, Cassandra v4 will be included. If you are currently using on-prem version 5.x and plan to upgrade to v6.9.0, ensure you have upgraded your data store to Cassandra v3 before proceeding with the upgrade to v6.9.0.
Sysdig Secure
Malware Detection
Sysdig Secure now has the ability to detect fileless attacks using a new Falco rule on the managed policy called Sysdig Threat Detection.
To use this feature, your system must meet the following requirements:
- Agent version 13.0.1+ installed
- Sysdig Threat Detection policy enabled
For more information on the Sysdig solution for fileless malware detection, see Fileless Malware Detection.
Contact your Sysdig representative to enable this feature in your on-prem environment.
Defect Fixes
- Fixed an issue where agents were restarted when deployed on the same nodes as Cassandra instances.
- Fixed an issue where the scan results are not displayed on the Vulnerability Management UI.
- Fixed an issue where error messages continued to be displayed while viewing the Group Mappings that had not been activated.
- Fixed an issue where upgrading to version v6.x.0 with service accounts triggered a faulty migration that displayed the v6.4.2 UI.
- Fixed an issue where the Data Sources UI was not reflecting the connected Sysdig Agents correctly.
- Fixed an issue where Token, Index, and Source Type of an already-configured Splunk integration for Event Forwarding are not displayed in the Sysdig Secure UI.
6.4.4 Hotfix Release, February 2024
This hotfix fixes an option to not display the Sysdig Secure API token in the UI.
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.
6.8.0 Release, January 2024
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.
Vulnerability Management Support for Report Generation in Zip Format
When you create or edit a report, you can choose JSON, NDJSON, or CSV format, and you can also choose Gzip or ZIP compression format. For more information, see Reporting.
Use Specific Labels in Vulnerability Reports
You can use specific customer environment labels for creating and distributing vulnerability reports. This enables you to create and segregate Sysdig teams based on workload or container labels that you attach to them.
postgres-ha Operator Upgrade
The postgres-ha operator has been updated to the latest upstream version.
5.1.12 Hotfix Release, January 2024
This hotfix corrects an issue that causes failures when scanning manifests with reference to non-Linux images.
6.4.3 Hotfix Release, January 2024
This hotfix provides the option to restrict the roles that the Service Manager can assign. With this option on, the Service Manager can only assign Standard User roles to Service Developers and Service Manager roles to Service Administrators. It prevents them from assigning Advanced User, Team Manager, or any other custom roles to users.
6.4.2 Hotfix Release, December 2023
This hotfix introduces the ability to count and segment Runtime events by specific labels.
Support for Sysdig Terraform Provider v1.10.0
The Sysdig Terraform Provider v1.10.0 is compatible with Sysdig on-prem version 6.4.0.
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.
Defect Fixes
- Fixed reported errors in Captures at Secure-Only on-prem environments.
- Readiness Probe in Sysdig Agent v12.15.0 works as expected.
- Retrieving images and Installers works as expected.
- Audit logs are generated and reported after forwarding to Syslog.
6.7.0 Release, December 2023
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.
Breaking Changes During Upgrade from On-Prem v6.5.X or v6.6.X to v6.7.0 or Higher
In v6.7.0, the nats.js PVC requirements have been increased. As a result, it is necessary to resize the PVCs before initiating the installer upgrade.
Open a support case for guidance and assistance with the upgrade process.
Sysdig Secure
Transitioned Vulnerability Management Services to Use NATS-JS
All the Vulnerability Management services have been migrated to NATS-JS from the legacy NATS:
- Collector API
- ScanResults
- RiskManager
- Reporting
- Registry Scanner
- Scan Engine
- Vulnerability API
- RuntimeView
- ScanRequestor
- Sbom API
Sysdig Platform
Improved Administration Settings
The Settings page in Sysdig Secure and Monitor has been enhanced to provide you with a superior user experience.
- Reorganized the Settings menu
- Added unified page headers
- Moved the buttons to the top of the pages
Support for Sysdig Terraform Provider v1.18.1
The Sysdig Terraform Provider v1.18.1 is compatible with Sysdig on-prem version 6.7.0.
Defect Fixes
- Removed the Events & Logs option from Data Sources in Sysdig Secure.
- Made the Risk Acceptance page under Vulnerabilities accessible as expected in Sysdig Secure.
- Made NFS file mount points visible post upgrade to Sysdig Agent v12.17 and Sysdig backend v6.7.0. sysdig_host_device_file_in_bytes will report the NFS mount points.
6.6.0 Release, November 2023
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises Installation documentation.
Sysdig Secure
Nexus and Google Support for Container Registry Scanning
The Image Registry Scanning functionality in the Sysdig Vulnerability Management engine has been updated to support scanning for the Nexus Repository and the Google Artifact Registry (GAR).
For more information on running the scanner, see the Registry Scanner documentation.
Reporting for Image Pipeline Vulnerability Scanning
The Vulnerability Management engine now supports Reporting for Image Pipeline scanning. This enables the easy collection and reporting of Pipeline scans over a given time.
With this addition, the engine can now report on every type of scan (Runtime, Registry, Host, and Pipeline). Pipeline reports mirror the Runtime and Registry reports, with just a change in the scoping context.
Exception UI Improvements for Threat Detection Rules
Sysdig is introducing a new user-friendly exception builder. The new exception UI, built into the Rules Editor, helps you create, update, modify, and delete exceptions for threat detection rules.
For more information, see Rule Exceptions.
Advanced Users Can Apply Tuning Suggestions
To make it easier to identify and apply exceptions, we have added the option to give Advanced Users and Team Managers permission to see and apply Tuning suggestions from the Insights and Event detail pages.
To enable this:
- Log in to Sysdig Secure as Admin and go to Settings.
- Toggle Advanced User Tuner Enablement on.
Sysdig Monitor
Metrics Usage Enhanced with Dashboards and Alerts Usage Metadata
Metrics Usage now displays which Dashboards and Alerts use a given metric. This gives you a better understanding of the value provided by a given metric.
UX Improvements for PromQL Query Explorer
Updated the PromQL Query Explorer with quality of life improvements while running queries:
- Now, only labels relevant to the query metrics are displayed in the autocomplete prompt.
- Labels are automatically selected and displayed in the query results table.
Notification Snapshot for Metric Alert Notifications
Threshold Alert notifications forwarded to Slack or Email now include a snapshot of the triggering time series data. For Slack Notification channels, you can toggle the snapshot within the notification channel settings. When the channel is configured to Notify when Resolved, a snapshot of the time series data that resolves the alert is also provided in the notification.
Sysdig Platform
Settings Page Refresh
The Settings page in Sysdig Secure and Monitor has been enhanced to provide you with a superior user experience:
- Improved color scheme for the dark mode.
- Unified layout and components to establish consistency between Sysdig products.
- Better navigation through the new header component.
Defect Fixes
- Fixed an issue in the Explore module where promlegacy_* metrics could prevent metric counts from loading.
6.5.1 Hotfix Release, October 2023
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the On-Premises Install Documentation. This repository also includes the on-premises installation documentation.
Defect Fixes
- Fixed an issue where PostgreSQL stopped responding on Google Kubernetes Engine (GKE) environments with High Availability (HA) configuration.
- Fixed the secure-diff installer command to correctly redact the secrets in the log.
6.5.0 Release, September 2023
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the Release Notes. This repository also includes the on-prem installation instructions.
Use of MinIO
Starting from release v6.5.0, MinIO has been added to the on-prem stack, specifically importing the MinIO binary from the upstream, for use in conjunction with Sysdig services.
You can download the MinIO source code in this repository. It is licensed under the AGPL 3.0.
This product includes software developed at MinIO, Inc. Copyright: MinIO Project, (C) 2015-2023 MinIO, Inc.
Sysdig Secure
Vulnerability Management Landing Page
The new Vulnerability Management landing page offers a place to identify, track, and initiate vulnerability management workflows. Here, you can see trends, priorities, and top action items among the vulnerability risks in your environment. The landing page covers all the scanning capabilities for images, workloads, and hosts, as collected by the installed scanners: vulnerability command-line interface (CLI), registry, host, and runtime. Widgets on the page enable you to take action or export data to your native information security tool ecosystem.
This feature enables:
- Vulnerability Managers to easily identify changes in Risk Posture (trends), the most pervasive vulnerabilities, the latest vulnerabilities, and infrastructure segments with the most exposure to risk.
- Program Managers to get easy insight into Policy posture.
- Architects to easily access the data regarding scan counts and adoption rates.
- The Vulnerability Management team to prioritize and manage vulnerabilities at a program level.
Container Registry Scanning
Image Registry Scanning functionality is available as part of the Sysdig Vulnerability Management suite in on-prem deployments.
This feature provides an added layer of security between the pipeline and runtime stages, allowing you to gain complete visibility into potential vulnerabilities before deployment.
The supported vendors are:
- AWS Elastic Container Registry (ECR) - Single Registry and Organizational
- JFrog Artifactory - SaaS and On-Premises
- Azure Container Registry (ACR) - Single Registry
- IBM Container Registry (ICR)
- Quay.io - SaaS
- Harbor
Once the container registry is instrumented and analyzed, you can generate registry reports to extract, forward, and post-process the vulnerability information.
Added Vulnerability Management APIs
The following API endpoints have been released in Technical Preview to list and filter vulnerability scan results for Pipeline, Registry, and Runtime as well as to fetch detailed scan results in JSON format:
- Get a list of pipeline scan results:
GET /secure/vulnerability/v1beta1/pipeline-results
- Get a list of registry scan results:
GET /secure/vulnerability/v1beta1/registry-results
- Get a list of runtime scan results:
GET /secure/vulnerability/v1beta1/runtime-results
- Get full scan results:
GET /secure/vulnerability/v1beta1/results
These API endpoints are applicable only to the current Vulnerability scanning engine.
For more information on accessing the API, see developer tools.
New Vulnerability Management Engine for Airgap Environments
The New Vulnerability Management engine, a major upgrade to the vulnerability and image scanning functionality for the Sysdig Secure product, is available in airgapped on-prem deployments. Contact your Sysdig representative for technical support.
Major Highlights
- Reduced scanning time. It is now eight times faster on average.
- Added more data for vulnerabilities and remediation:
  - CVSS scores and metrics: Network Attack Vector, Privileges required, and so on
  - Flagging of publicly available code exploits
  - Suggested package fix version
- Added Risk spotlight, a new filter that only shows CVEs with active packages, to save time browsing infrastructure and focus on high-impact CVEs.
- The New Vulnerability Reporting module now offers:
  - Up to 14 days retention of individual reports.
  - Immediate scheduling is directly available from the UI; just click Generate now.
- Flexible policies can now be attached to the different runtime and security contexts.
Migrate to the New Scanning Engine
The new vulnerability management engine uses a different data storage, API, host components, and user interfaces than the legacy scanning.
Contact your Sysdig representative to be guided through the process of migrating your subscription and vulnerability management configuration to the new engine. For more information, see Vulnerabilities.
Defect Fixes
- Addressed several critical and high vulnerabilities.
- Fixed the issue where Compliance v2 reports return 204 status.
- Fixed the issue where you are forced to use the email address format for login when Lightweight Directory Access Protocol (LDAP) is enabled. You can now log in with your username.
- After a GKE Nodepool upgrade, Elasticsearch pods no longer fail to start.
- Added support for Linux cgroup v2 to the Sysdig PostgreSQL implementation for memory optimization.
5.1.11 Hotfix Release, September 2023
This hotfix release fixes the errors reported in Rule Library and Runtime Policies post-upgrade.
Upgrade Process
Supported Upgrades From: 4.0.x, 5.0.x
For the full supportability matrix, see the Release Notes. This repository also includes the on-prem Installation instructions.
Defect Fixes
- After a successful upgrade, the Rule Library pages and Runtime Policies no longer report errors while enabling and disabling certain policies.
5.1.10 Hotfix Release, September 2023
This hotfix release certifies the support for Kubernetes versions 1.25, 1.26, and 1.27 on Sysdig Platform v5.1.10 and above.
Upgrade Process
Supported Upgrades From: 4.0.x, 5.0.x
For the full supportability matrix, see the Release Notes. This repository also includes the on-prem Installation instructions.
Defect Fixes
- Events are detected as expected after an agent upgrade to v12.15.0.
6.4.1 Release, August 2023
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the Release notes. This repository also includes the on-prem Installation instructions.
For the v6.4.1 release, the Vulnerabilities module (built on the ScanningV2 engine) is not supported in airgapped environments.
Defect Fixes
Remove Email Enforcement in LDAP Login
When LDAP authentication is enabled, the username field in the login screen is of input type text instead of email.
6.4.0 Release, July 2023
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the Release Notes. This repository also includes the on-prem Installation instructions.
Platform Fixes
- Fixed an issue with fresh installations and upgrades with FIPS (Federal Information Processing Standards) mode enabled on backend hosts.
- Fixed an intermittent issue accessing the Sysdig UI when using a newly created Team.
- Fixed an init container issue for the sysdigcloud-feeds-db deployment that would use the wrong mount point.
6.3.0 Release, July 2023
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the Release Notes. This repository also includes the on-prem Installation instructions.
Sysdig Secure
Risk Spotlight
The Risk Spotlight feature is now available for on-premises deployments. For more information, see Risk Spotlight Integrations.
Process Tree Visualization in Events Feed (Preview)
The Process Tree feature in the Sysdig Secure events feed is now available in Technical Preview for on-premises deployments. This feature shows the context in which a process was launched. It displays process lineage in a format familiar to security practitioners from EDR (Endpoint Detection and Response) tools, helping users understand the relationships and dependencies between processes and accelerating incident response.
This feature requires Sysdig agent v12.15 and must be manually enabled.
6.2.1 Release, June 2023
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.x
For the full supportability matrix, see the Release Notes. This repository also includes the on-prem Installation instructions.
Note: Use Unified Compliance on v6.2.1. To enable Unified Compliance, ensure that you set sysdig.secure.cloudsec.enabled to true in the values.yaml while upgrading.
Sysdig Secure
Vulnerability Management Scanning Engine
Sysdig now provides the Vulnerability Management Scanning engine for all on-premises users. This scanning engine was released in April 2022 and brings the latest vulnerability features and improvements.
For 6.2.1 fresh installations, the Vulnerability Management engine will be the only scanning engine provided. For customers upgrading from 5.0.x, 5.1.x, or 6.x versions, both the Legacy Scanning engine and the newer Vulnerability Management engine are available.
Expanded Support for OpenShift 4 in Unified Compliance
Sysdig Secure support for CIS RedHat OpenShift Container Platform v4 Benchmark has been expanded in Unified Compliance. This includes 13 new controls in Sections 1-4 for 92% coverage, and 11 new controls in Section 5 for overall coverage of 74%.
Infrastructure Resource Changes
With version 6.2.1, the number of components the Sysdig Platform requires to run both Sysdig Secure and Sysdig Monitor is nearly doubled. This release introduces new product features in both products, as well as upgrades and enhancements of the datastores from the last major release in September 2021.
Sysdig has provided general testing with Platform configurations on 5.1.x and 6.0.x branches. The table below compares the CPU and memory requirements for a Sysdig backend with 600 agents connected to each.
Version | CPU Requirements | Memory Requirements |
---|---|---|
v5 | 167 Cores | 286 GB |
v6 | 134 Cores | 372 GB |
The usage for each on-premises installation is different, so your load and sizing requirements may differ from the table above. To prepare for your upgrade from 5.x to 6.x, reach out to your account team for assistance to ensure your infrastructure meets requirements.
Secure-Only Backend Enablement Optimized
For users who enable a backend deployment with the Secure-Only configuration set to true, the footprint of Monitor components has been further reduced and minimized. However, for those upgrading from 5.x+, the addition of features and components in 6.2.1 has a complex effect on the overall resource usage.
- In general, 6.0.0 requires less CPU and slightly more memory than 5.+.
- As version 6.2.1 has more components than 5.1.x, this means that the shared components (the ones used in both versions) require fewer resources in version 6.2.1.
- If you are upgrading from an existing branch with the legacy scanning engine, running both scanning engine components will require the most resources.
For users with limited infrastructure resources who only use Sysdig Secure, please contact customer support or your Sysdig account team with your infrastructure node count and node size to ensure that the Secure-Only mode is the right deployment type for your needs.
Internal Agent Dashboards Added (On-Prem Only)
An Internal Agents Dashboard has been added under Integrations > Data Sources in Sysdig Secure for viewing granular information about the agents deployed in your environment.
Known Defects
- For 6.2.1 fresh installs, a few compliance checks that used the legacy scanner will not be available until a later release. Reach out to your account team for the full list of which checks are unavailable.
- The Get Started page doesn’t work in a 6.2.1 fresh install as it relies on a legacy scanning endpoint that is no longer available. This will be patched in a future release.
- If your agents are installed in Secure mode, some of the panels in the new Internal Agents Dashboard are missing data. This will be corrected in a future agent release. The affected panels are: Kubernetes Metadata Up to Date, CPU Usage, Memory Usage, and Total Agents without Cluster.
- The new Internal Agents Dashboard will not load properly if the Cloudsec service is not enabled. This service can be enabled through a flag in the Installer: `sysdig.secure.cloudsec.enabled = true`.
6.1.2 Release, May 2023
Upgrade Process
Supported Upgrades From: 5.0.x, 5.1.x, 6.0
For the full supportability matrix, see the Release Notes. This repository also includes the on-prem Installation instructions.
Defect Fixes
Refined the upgrade process for users upgrading from 6.0 or 5.1.X branches.
Fixed an issue where some `values.yaml` configurations were not kept during an upgrade.
6.1.1 Release, May 2023
Upgrade Process
Supported Upgrades From: 4.0.x, 5.0.x
For the full supportability matrix, see the Release Notes. This repository also includes the on-prem Installation instructions.
Sysdig Secure
Daily Updates of Managed Policies and Rules
In Sysdig Secure Threat Detection, managed policies and rule definitions are now updated from Sysdig daily at midnight UTC via a new cronjob service, `sysdigcloud-falco-rules-deployer`. See Manage Daily Updates (On-Prem Only) if you need to change the schedule or disable the feature.
Sysdig Monitor
Cloud Metrics
Supports the following features:
Cloud Integrations for AWS CloudWatch Metric Streams.
For more information on enabling CloudWatch Metric Streams, see Enable Cloud Metrics Streams in On-Prem Deployments.
For users upgrading from 5.x.x to 6.x.x on-prem versions, the AWS CloudWatch API metrics will be converted from Sysdig notation to Prometheus. All the dashboards and alerts will be converted automatically.
AWS CloudWatch API metrics will still be available in the Sysdig notation (`aws.*`) if the metrics are queried directly via the API. However, `aws.*.latency` metrics will be reported in seconds instead of nanoseconds, which was required for consistency between the AWS CloudWatch API metrics and AWS CloudWatch Metric Streams metrics. Users querying the `aws.*.latency` metrics directly via API from Grafana should change the time unit to seconds.
Defect Fixes
- Fixed the Integrations without workload type.
- Fixed the list alerts API for summary information.
- Changed icons in Event feed for policy type.
- Fixed an issue in which an appended rule could result in empty tags.
- Fixed a wrong label value order to report retention as label value.
- Fixed an issue on user provisioning.
- Fixed a problem with metrics that have new categories.
5.1.9 Hotfix Release, April 2023
Upgrade Process
Supported Upgrades From: 4.0.x, 5.0.x
For the full supportability matrix, see the Release Notes. This repository also includes the on-prem Installation instructions.
Defect Fixes
- Added `Alert group name` to the Webhook notification channel payload.
- Retention manager now removes spurious images.
- Images with the tag `SHA256` are now re-evaluated.
- Consolidated scan results between API and UI.
6.0.2 Hotfix Release, April 2023
Upgrade Process
This release only supports fresh installations of the Sysdig platform into your cloud or environment.
For the full supportability matrix, see the Release Notes. This repository also includes the on-prem Installation instructions.
Defect Fixes
Enabled Internal Agents Dashboard.
Added CPU Usage and Memory Usage panels to Internal Agents Dashboard.
6.0.0 Release, April 2023
Upgrade Process
This release only supports fresh installations of the Sysdig platform into your cloud or on-premises environment.
For the full supportability matrix, see the Release Notes. This repository also includes the on-prem Installation instructions.
Monitor
Sysdig has migrated to a Prometheus-native data store, which is now available for on-premises deployments. This release adds several product offerings that are available on the Sysdig SaaS platform for the Monitor product. The following features are now available in the fresh installation of the 6.0.0 on-premises release:
Advisor
Dashboards
Explore
Alerts
Integrations
- Monitoring Integrations
- Grafana Plugin
AWS Cloudwatch Metrics
- The AWS CloudWatch API metrics will be available in Prometheus format. For more information, see AWS CloudWatch API Metrics.
Notification Channels
Two new notification channels have been added:
Secure
Insights
Introduced Insights, a powerful visualization tool for threat detection, investigation, and risk prioritization. All findings generated by Sysdig across workloads and cloud environments are aggregated into a visual platform that streamlines threat detection and forensic analysis. Insights helps you identify compliance anomalies and ongoing threats to your environment.
Compliance
New report types have been added to Unified Compliance:
- Google Cloud Platform (GCP)
- Azure
- Kubernetes
- Docker
- Linux
Threat Detection Policies and Rules
Threat detection policies now have three “flavors”, following the same model as our SaaS platform.
- Default/Managed Policies
- Managed Ruleset Policies
- Custom Policies
For a full description of policy types, see Threat Detection Policies.
Integrations
Platform
Custom Roles
A custom role is an admin-defined role which allows Sysdig administrators to bundle a set of permissions and allocate it to one or more users or teams. This feature has been available in SaaS and is now released for our on-premises users. For more information, see Custom Roles.
Group Mappings
Group mappings allow you to connect groups from your identity provider (IdP) to the roles and teams associated with your Sysdig account.
Login Message
You can now configure a custom login message to help maintain security standards based on your organization.
Platform Audit
Sysdig provides both a UI and a set of APIs for auditing and reporting on the use of the Sysdig platform itself. By default, the UI is disabled to minimize resource usage. The API is enabled by default. For more information, see Sysdig Platform Audit.
Privacy Settings
You can choose to opt in or out of sharing usage data with Sysdig.
5.1.8 Hotfix Release, February 2023
Upgrade Process
Supported Upgrades From: 4.0.x, 5.0.x
For the full supportability matrix, see the Release Notes. This repository also includes the on-prem Installation instructions.
Defect Fixes
Fixed a time unit issue for Elasticsearch resolvers.
Fixed an issue where container metadata labels were missing for Java virtual machine (JVM) metrics.
Fixed an issue where `sysdig_fs_*` metrics were not being discovered.
5.1.7 Hotfix Release, January 2023
Upgrade Process
Supported Upgrades From: 4.0.x, 5.0.x
For the full supportability matrix, see the Release Notes on Github. There you will also find important Installation instructions.
Defect Fixes
Fixed an issue where images would not be scanned or re-evaluated with an alert configured with four or more scopes.
Fixed an issue where Captures from a runtime policy would not display in the Inspect UI.
Sysdig Platform
- Updated several containers that were mistakenly running as root. All containers now run using an unprivileged user.
- Updated the `apiVersion` of all Cronjobs from batch/v1beta1 to batch/v1.
- Fixed an issue that would sometimes result in a `413 Payload Too Large` HTTP response to the Sysdig API.
- Fixed an issue with some Sysdig templates missing `nodeSelectorTerms` although `nodeaffinityLabel` is specified.
5.1.6 Hotfix Release, January 2023
Upgrade Process
Supported Upgrades From: 4.0.x, 5.0.x
For the full supportability matrix, see the Release Notes on Github. There you will also find important Installation instructions.
Defect Fixes
- Fixed a privacy setting issue that would revert the admin setting after an update to the `values.yaml` file.
- Fixed a sidepanel interface bug that would appear under Scan Results.
- Fixed an issue with the metadata service sometimes returning an empty string as a value for some metrics, causing a banner to display saying A new version of Sysdig is available.
- Fixed an Anchore issue that would show vulnerabilities in packages that should not have been present.
- Updated the Anchore image with the latest code and security updates.
5.1.5 Hotfix Release, December 2022
Upgrade Process
Supported Upgrades From: 4.0.x, 5.0.x
For the full supportability matrix, see the Release Notes on Github. There you will also find important Installation instructions.
Defect Fixes
- Fixed an issue where Sysdigcloud-api would fail to connect to Cassandra when a column name already exists.
- Fixed an invalid Cassandra StatefulSet YAML issue in multi-AZ deployments.
5.1.4 Hotfix Release, November 2022
Upgrade Process
Supported Upgrades From: 4.0.x, 5.0.x
For the full supportability matrix, see the Release Notes on Github. There you will also find important Install instructions.
Secure
Removed the Legacy Benchmarks button from the Secure UI.
The feature will soon be deprecated in on-premises deployments.
Added the Shared with Team permission in Group Mappings to the ServiceManager role.
Defect Fixes
- Fixed an issue where a scanned image would not correctly report a vulnerability detected in kernel-headers packages.
- Fixed a Secure scanning issue where an image was scanned by multiple sources, such as Inline Scanner and Node Analyzer, and the UI would redirect the user to the incorrect source.
- Fixed a Team Scope issue in Secure where the `agent.tag.accountid` scope was configured and users could not see Host scanning results.
- Updated the Secure Only on-premises setting for aggregation interval set to 60 seconds to help reduce the number of stream resetting log warnings in the Sysdig backend.
5.1.3 Hotfix Release, September 2022
Upgrade Process
Supported Upgrades From: 4.0.x, 5.0.x
For the full supportability matrix, see the Release Notes on Github. There you will also find important Installation instructions.
Defect Fixes
- Fixed an Elasticsearch issue that occurred during upgrades, causing pods to end in a CrashLoopBackOff state. This fix will improve overall Elasticsearch resiliency for users.
4.0.8 Hotfix Release, July 2022
Supported Upgrades From: 3.6.X
Defect Fixes
Fixed an issue with persistent volume claim (PVC) metrics not displaying properly in the UI.
Fixed a filtering issue where relational database service (RDS) metrics would not populate in the RDS Overview Dashboard.
5.1.2-2 Hotfix Release, July 2022
Upgrade Process
Supported Upgrades From: 4.0.x, 5.0.x
Sysdig Platform
- Added support for Openshift 4.10.
5.1.2 Hotfix Release, May 2022
Upgrade Process
Supported Upgrades From: 4.0.x, 5.0.x
For the full supportability matrix, see the Release Notes on Github. There you will also find important Installation instructions.
Secure Feature: Reporting
- Added the Run Now and Download(s) menu items.
Defect Fixes
- Fixed an Unable to load latest task result bug when accessing compliance benchmarks results.
5.1.1 Hotfix Release, May 2022
Upgrade Process
Supported Upgrades From: 4.0.x, 5.0.x
For the full supportability matrix, see the Release Notes on Github. There you will also find important Installation instructions.
Sysdig Platform
Added the `RelayState` parameter as optional for SAML configuration.
Upgraded the Spring Framework to version 5.2.20 in the `sysdig-backend` container.
Monitor
- Added the ability to choose regions with Capture Storage.
Installer Improvements
Fixed an issue with MultiAZ GCP/GKE platforms that would prevent Elasticsearch from starting.
Fixed an ingress permissions issue when upgrading from 5.0.4 to 5.1.0 that would result in the Sysdig UI generating a `404 Not Found` error.
Fixed an installer bug when `cloudProvider.name` was set and `cloudProvider.region` was not set.
Fixed a Kafka/Zookeeper statefulset naming issue when installing or upgrading Sysdig on-premises.
Defect Fixes
- Monitor Alert re-notification messages now provide the latest metric value instead of the metric value at time of triggering.
- Fixed a Runtime scan page issue not displaying image results based on specific Team scopes.
5.0.5 Hotfix Release for CVE-2022-22965
Upgrade Process
Supported Upgrades From: 4.0.x, 5.0.x
For the full supportability matrix, see the Release Notes on Github. There you will also find important Installation instructions.
Improvements
This hotfix upgrades the Spring Framework to version 5.2.20 in the `sysdig-backend` container.
5.1.0 Release, March 2022
Upgrade Process
Supported Upgrades From: 4.0.x, 5.0.x
For the full supportability matrix, see the Release Notes on Github. There you will also find important Installation instructions.
Sysdig Platform
Installer Improvements
- Kubernetes versions 1.22 and 1.23 are now supported.
- An optional cronjob for the `falco-rules-installer`, which runs once a month, can now be created through the installer values file.
- Users operating their own ingress controller, such as Rancher, no longer need to manually create Ingress Objects Go HTTP APIs. Note that the Collector uses TCP and will need external configuration.
- The Installer now has a pre-flight check to verify the kubectl and Kubernetes versions of the cluster with the context provided by the user.
Secure
API Docs
- API documentation for Sysdig Secure is now enabled by default.
Defect Fixes
- Fixed an issue with Secure Events not displaying the correct number of events in the dashboard.
- Fixed an issue that prevented Rapid Response from being enabled with a Secure Team created with LDAP.
- Fixed a network issue that would sometimes occur during an upgrade which would cause PostgreSQL to timeout.
- Fixed an issue where the `nats-streaming-init` container failed to start due to a permission problem when `storageClassProvisioner` is set to `hostPath`.
- Fixed a Compliance Database Password issue during upgrades from on-prem 4.0.x to on-prem 5.0.x
- Fixed an issue with the StatefulSet definition when upgrading from 4.0.x to 5.0.x on a Kubernetes cluster prior to 1.18.x
4.0.7/5.0.4 Hotfix Release for CVE-2021-44228 in Apache’s log4j (3.6.4, 4.0.7, 5.0.4)
The patch release upgrades all components that compose Sysdig’s Platform running Apache’s vulnerable Log4j library to 2.16.
Note on ElasticSearch: This is using Log4j v2.11.1. An additional JVM parameter has been added through the Installer in accordance with the recommendations from Elastic. In addition, the impacted class from the Log4j library has been removed completely. Security scanners may still list this as vulnerable but in this case it will be a false positive. Elastic currently does not offer a way to fully remove or upgrade this component.
4.0.6/5.0.3 Hotfix Release for CVE-2021-44228 in Apache’s log4j (3.6.3, 4.0.6, 5.0.3)
Security researchers recently disclosed the vulnerability CVE-2021-44228 in Apache’s log4j, which is a common Java-based library used for logging purposes. Sysdig is using an alternative framework for logging called Logback. The Logback framework isn’t vulnerable to this issue.
Sysdig components include a log4j library in our standard distribution that was vulnerable. This library is included for compatibility reasons only and is not used for primary logging. Sysdig has determined that our products are not vulnerable based on our application architecture and mitigating controls.
We have released a patch version of our self-hosted software which upgrades the vulnerable version of log4j or adds additional mitigating controls suggested by vendors.
- 3.6.3
- 4.0.6
- 5.0.3
Please reach out to support or the customer success team for assistance with your upgrade.
2021 Archive
2021 Archive of Sysdig On-Premises release notes.
2020 Archive
2020 Archive of Sysdig On-Premises release notes.
2018 Archive
2018 Archive of Sysdig On-Premises release notes.
2019 Archive
2019 Archive of Sysdig On-Premises release notes.