Insights
With Insights, all findings generated by Sysdig across both workload and cloud environments are aggregated into a visual platform that streamlines threat detection and forensic analysis.
Highlights:
Birds-eye view of findings across environments and timelines, with responsive representations combined with summaries plus the linear events feed
Instantly hone in on problem areas or block out noisy results
Share views with team members
The Insights tool is intuitive and easy to use. Note the following design and usage attributes.
Log in to Sysdig Secure and select Insights.
Navigation
Choose the resources you want to view from the top-left dropdown.
Cloud User Activity: Detects vulnerabilities and events related to user activity in connected cloud accounts. It includes User, Account, Region, Resource Category, Resource Type, and Resource.
Cloud Activity: Detects all findings in connected cloud accounts. Specifically, it includes Account, Region, Resource Category, Resource Type, and Resource.
Kubernetes Activity: Detects all findings in connected Kubernetes clusters, namespaces, and workloads. It includes Cluster, Namespace, Pod Owner, and Workload.
Node and Pod Activity:
Host and Container Activity:
The default view shown will be based on the findings in your environment.
If a particular type of resource is not connected in your environment, that page will show no findings.
Timeline
As with many other Sysdig tools, you scope by timespan using the timeline at the bottom of the page.
The default span is 14 days. You can choose other presets (3H, 12H, 1D, 3D, etc.) or set a span using the clickable calendar.
Insights displays up to 14 days or 999 events, whichever comes first.
Visualization Panel
The power of the Insights tool resides in the Visualization panel.
Experiment with the Visualization panel features:
Concentric rings drill down the resources to the most granular findings. Note that the header labels each level in order (Account > Region > Resource Category > ...).
Hover over a target area for details, and click to isolate in the summary.
Change the Timeline.
Take advantage of Search | Show | Hide | Exclude.
Activity Panel: Summary
The Summary panel recapitulates the Visualization panel as an ordered list. It can be grouped by Rule or User activity.
Group by Rule
Click a line item to open the details. See at a glance the affected containers, images, rules, user names, etc.
Take advantage of Search | Show | Hide | Exclude.
Group by User | Rule
View the Summary grouped by User to help detect outlier behavior.
Expand the user entry to view details and click the arrow to switch to the event feed for that user, with events listed in reverse chronological order.
Cloud Activity Summary Panel
For AWS Cloud Activity, the summary also includes a link back to view the data in the AWS Console.
Activity Panel: Events
The Events panel replicates the Sysdig Secure Events feed. Click an entry in the time-based list to open its details.
Search | Show | Hide | Exclude
The Search bar works in conjunction with options in the Activity Summary.
Each line of the Activity Summary includes the Show (=), Hide (!=) and Exclude options.
Show (=): Click Show to add that finding to the Search bar, and to the page URL. The Visualization will be targeted accordingly.
Hide (!=): Click Hide to filter that finding from the Visualization, adding the filter to the Search and the URL.
Exclude: Click Exclude to refetch the data without the excluded entry. This cuts down on noisy repetitious results (which in some cases could cause the 999-item limit to be exceeded).
Note that Show and Hide do not trigger a re-fetch of data.
Once you have excluded an entry, the Exclude icon is displayed in the Visualization header.
Click the icon to view the current exclusions.
Clear All Exclusions if desired.
Insights Team-Based Views and Sharing
Note: Your team and user role influence what Insights you have access to.
The page URL persists search and filter items, and can be shared with team members with the same level of permissions.
See User and Team Administration for more detail.