Security Policy Metrics

Sysdig follows the Prometheus-compatible naming convention for both metrics and labels as opposed to the previous statsd-compatible, legacy Sysdig naming convention. This page shows metrics in the legacy Sysdig naming convention. See Metrics and Label Mapping for the mapping between Sysdig legacy and Prometheus naming conventions.

Metrics	Description	Type	Segmented by	Minimum Agent Version
`security.evts.k8s_audit`	The total number of policy events from a Kubernetes audit policy.	Gauge	`host.mac` `host.hostname`	0.86.0
`security.policy_evts.syscall`	The total number of policy events from a syscall policy.
`security.policies.enabled`	The number of security policies enabled for a user.
`security.policies.total`	The number of security policies that exist for a user.
`security.policy_evts.container`	The total number of policy events from a container policy.
`security.policy_evts.falco`	The total number of policy events from a Falco policy.
`security.policy_evts.filesystem`	The total number of policy events from a filesystem policy.
`security.policy_evts.high`	The number of policy events from a policy with high severity.
`security.policy_evts.low`	The number of policy events from a policy with low severity.
`security.policy_evts.medium`	The number of policy events from a policy with medium severity.
`security.policy_evts.network`	The total number of policy events from a network policy.
`security.policy_evts.process`	The total number of policy events from a process policy.
`security.policy_evts.total`	The total number of policy events across all policy types.
`security_policy_evts.by_name`	The number of events triggered with segment `name` available.	`name` `host.mac` `host.hostname`

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.