Sysdig Secure

Sysdig Secure is part of Sysdig’s container intelligence platform. Sysdig uses a unified platform to deliver security, monitoring, and forensics in a cloud, container and microservices-friendly architecture integrated with Docker and Kubernetes. Sysdig Secure takes a services-aware approach to protect workloads while bringing deep cloud and container visibility, posture management (compliance, benchmarks, CIEM), vulnerability scanning, forensics and threat detection and blocking.

In the background, the Sysdig agent lives on the hosts being monitored and collects the appropriate data and events. For more information, see the Sysdig Agent Documentation.

Key Features

  • Presents relevant performance and security data together.

  • Offers host and image scanning, auditing, and runtime vulnerability management capabilities:

    • Filter and surface vulnerabilities against images, clusters, namespaces, hosts or any other label

    • Alert on unscanned images or images whose evaluation status has changed from new vulnerabilities

    • Log user actions, container activity, and command-line arguments

    • Enforce security policies and block attacks

  • Provides posture management for a distributed environment:

    • Easily schedule customized benchmark tests to run across cloud, hosts, services, or clusters

    • Control compliance at cloud, orchestrator and container level.

    • Track and optimize cloud users permissions and entitlements.

    • Export results to SIEM, logging clusters, or other tools your organization uses

  • Provides runtime detection and data enrichment:

    • Identify and block threats in real-time, based on application, container, and network activity

    • Instrument Kernel to track all app, container, host, and network system calls

    • View security policy violation based on orchestrated services

    • Manage multi cloud events using single and multiple accounts

  • Supports incident response and forensics:

    • Protect distributed, dynamic, and ephemeral services with a single-service policy involving no manual configuration

    • Create detailed system captures for any policy violation or incident, enabling the ability to take actions against malicious activity

    • Drill down from policy violations into 100% granularity captures of pre- and post-attack activity

    • View SCAP files to see all system activity before, during, and after any security event

    • Create detailed system captures for any policy violation or incident enabling ability to take actions malicious activity

    • Integrate alerting and incident response

Topics in This Section


Sysdig Secure now offers an Inventory, so you can gain visibility into resources across your cloud (GCP, Azure, and AWS) and Kubernetes environments.


Sysdig Secure (SaaS) has introduced a powerful visualization tool for threat detection, investigation, and risk prioritization, to help identify compliance anomalies and ongoing threats to your environment.

Vulnerability Management


Sysdig’s Posture module includes Compliance handling for both Kubernetes and Cloud accounts (KSPM/CSPM), as well as Identity and Access for cloud accounts.


Sysdig Secure deploys different types of policies.


Sysdig Network Security tracks ingress and egress communication from every pod. The Network Security Policy tool allows you to generate Kubernetes Network Policies based on the traffic allowed or denied as defined in the Ingress and Egress tabs. The UI also allows you to view which policies are being applied in real time.

Secure Events


Integrations for Sysdig Secure

Sysdig Secure for cloud

Sysdig Secure for cloud is the software that connects Sysdig Secure features to your cloud environments to provide unified threat detection, compliance, forensics, and analysis.

IaC Security

Scanning (Legacy)

Secure Overview

Getting Started with Sysdig Secure (Legacy)