Insights is a Beta feature and will be available first in the US East region.
Sysdig Secure (SaaS) has introduced a powerful new visualization tool for threat detection, investigation, and risk prioritization, to help identify compliance anomalies and ongoing threats to your environment. With Insights, all findings generated by Sysdig across both workload and cloud environments are aggregated into a visual platform that streamlines threat detection and forensic analysis.
Birds-eye view of findings across environments and timelines, with responsive representations combined with summaries plus the linear events feed
Instantly home in on problem areas or block out noisy results
Share views with team members
Access the Insights Page
The Insights page is enabled automatically as the landing page for Sysdig Secure in some cases and must be manually enabled in others. (Note that your Sysdig Secure region may affect availability as well during the roll-out phase.)
Default Landing Page: for users that connect a cloud account
Manually enable in SysdigLabs:
30-Day Trial users
Existing or new Sysdig Secure enterprise users who have not connected a cloud account.
These accounts must first enable Insights by logging in to Sysdig Secure as Admin and choosing User Profile. Toggle the feature
The Insights tool is intuitive and easy to use. Note the following design and usage attributes.
Choose the resources you want to view from the top-left dropdown.
Cloud User Activity: Detects vulnerabilities and events related to user activity in connected cloud accounts. It includes User, Account, Region, Resource Category, Resource Type, and Resource.
Cloud Activity: Detects all findings in connected cloud accounts. Specifically, it includes Account, Region, Resource Category, Resource Type, and Resource.
Kubernetes Activity: Detects all findings in connected Kubernetes clusters, namespaces, and workloads. It includes Cluster, Namespace, Pod Owner, and Workload.
Composite View: Detects and aggregates all findings from both the Cloud Activity and the Kubernetes Activity views. It includes Account, Region, Resource Category, Resource Type, Resource, Cluster, Namespace, Pod Owner, and Workload.
The default view shown is based on the findings in your environment. If there are events in both Cloud and Kubernetes, the Composite view is the default; otherwise the Cloud or Kubernetes Activity view is chosen.
If a particular type of resource is not connected in your environment, that page will show no findings.
As with many other Sysdig tools, you scope by timespan using the timeline at the bottom of the page.
The default span is 14 days. You can choose other presets (3H, 12H, 1D, 3D, etc.) or set a span using the clickable calendar.
Insights displays up to 14 days or 999 events, whichever comes first.
The power of the Insights tool resides in the Visualization panel.
Experiment with the Visualization panel features:
Concentric rings drill down the resources to the most granular findings. Note that the header labels each level in order (Account > Region > Resource Category > ...)
Hover over a target area for details, and click to isolate in the summary.
Change the Timeline.
Take advantage of Search | Show | Hide | Exclude.
Activity Panel: Summary
The Summary panel recapitulates the Visualization panel as an ordered list, organized by Severity level and impacted
Click a line item to open the details. See at a glance the affected containers, images, rules, user names, etc.
Take advantage of Search | Show | Hide | Exclude.
Cloud Activity Summary Panel
For AWS Cloud Activity, the summary also includes a link back to view the data in the AWS Console.
Activity Panel: Events
The Events panel replicates the Sysdig Secure Events feed. Click an entry in the time-based list to open its details.
Search | Show | Hide | Exclude
Search bar works in conjunction with options in the
Each line of the Activity Summary includes the
Show (=): Click Show to add that finding to the Search bar, and to the page URL. The Visualization will be targeted accordingly.
Hide (!=): Click Hide to filter that finding from the Visualization, adding the filter to the Search and the URL.
Exclude: Click Exclude to refetch the data without the excluded entry. This cuts down on noisy repetitious results (which in some cases could cause the 999-item limit to be exceeded).
Hide do not trigger a re-fetch of data.
Once you have excluded an entry, the Exclude icon is displayed in the Visualization header.
Click the icon to view the current exclusions.
Clear All Exclusions if desired.
Insights Team-Based Views and Sharing
Your team and user role influence what Insights you have access to.
The page URL persists search and filter items, and can be shared with team members with the same level of permissions.
See User and Team Administration for more detail.