This the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Integrations for Sysdig Secure

The Integrations menu option in Sysdig Secure provides quick-link access to both inbound data sources and outbound integrations such as notification channels and S3 captures.

Inbound

Data Sources: Cloud Accounts and Kubernetes Clusters

Log in to Sysdig Secure and choose Integrations > Cloud Accounts or Integrations > Kubernetes Cluster to review the status of your cloud accounts.

Outbound

S3 Capture Storage Use Integrations > Outbound | S3 Capture Storage as a quick link to that page in Settings.

Notification Channels Integrations > Outbound | Notification Channels gives a quick link to configure the notification channels in Sysdig Secure. (Sysdig Monitor notification channels must be configured separately and are access from the Monitor UI.)

Extensions and Levels of Support

“Integrations” for Sysdig Secure can include a wide range of tools and software designed to connect Secure functionality (e.g., image scanning, event handling, audit logging, and risk analysis) with other systems. Some such tools are installed with the backend. Others are not, because they exist to accommodate specific use cases, infrastructure details, or additional customizations.

These added tools are called “extensions” and It is up to the user to decide which extensions to install on top of the core backend functionality.

There are two different categories of extensions depending on the support level and backward- compatibility guarantees:

Preview features - These are pre-release features for which Sysdig is seeking early feedback from users. If you’re interested in trying these items, we will connect you directly with our product/engineering teams. Depending on the level of engagement with a preview Sysdig will decide to deprecate it or move it into an officially supported extension or feature.
Fully supported) Extension features - These extensions are installed outside the core Sysdig product and leverage Sysdig APIs, but they are fully supported at the same level as any other core product feature.

Features that are delivered with the core product are designated as “built-in” and always receive full support.

Sysdig delivers many other code examples and integrations as blog content, webinars, whitepapers, etc. Any code snippet or integration that is not explicitly listed in the tables above is not officially supported and is merely illustrative of a particular feature or capability.

Types of Secure Integrations

Image scanning functionality can be integrated into the CI/CD pipeline and with container registries. Kubernetes logs can be integrated from a variety of platforms and distributions. Events can be forwarded to various external processing systems.

Fully supported Extensions are marked with ^E. Preview features are marked with ^P.

CI/CD Pipeline	Container Registries	Audit Logging (Kubernetes)	Event Forwarding
Jenkins plugin^E	AWS ECR ^E	Google GKE^E	Splunk (built-in)
Azure Pipelines^P	Harbor Scanner Adaptor^P	Amazon EKS^E	Syslog (built-in)
AWS Codepipeline^P	Google GCR (built-in)	Azure AKS^P	IBM QRadar (built-in)
CircleCI^P	Azure ACR (built-in)	Native configurations^E	IBM MCM (built-in)
Github Actions^P	Artifactory (built-in)
Gitlab^P	Dockerhub (built-in)
Tekton Pipelines^P	Quay (built-in)

Additional Integration Tools

Developer Tools:

Admission Controller^Pfor image scanning:

IBM Cloud Pak for Multicloud Management ^E full integration guide

1 -

Data Sources (cloud)

If you connect a cloud account using Sysdig Secure for cloud, you can review the details on the Data Sources page.

From the Integrations menu, access the Data Sources content from the Inbound entries:

Review Data Sources

Access the Page

Log in to Sysdig Secure and select Integrations > Inbound|Cloud Accounts from the navigation bar.
The Cloud Accounts overview is displayed.

NOTE: If no cloud accounts have been connected yet, you will be linked to the Get Started page to connect them now.

Review Cloud Accounts

Use the Cloud Accounts overview to:

Confirm that the incoming data sources you expected are present
Get an overview of the status
Check whether managed clusters in the accounts were detected and whether an agent was installed with them.
Click +Add Account to return to the Get Started page and connect an AWS, GCP, or Azure cloud account.

The page lists:

Platform: AWS, GCP, Azure
Account ID: The AWS Account ID, GCP Project ID, or Azure Subscription ID
Alias: As defined when connected
Region(#): Each account may be deployed in multiple regions; click on a numbered entry to expand and view all the regions.
Date Added: Date the account was added to Sysdig Secure
Date Last Seen: Date of last observed activity on the account/region.
Clusters Connected (x/y): This displays the number of managed clusters detected in the account/region (y) and the number of clusters with at least one agent installed (x).
For example:
- 0/0 = no clusters contain an agent, no clusters detected
- 1/17 = 1 cluster contains an agent, 17 total clusters detected
Connect the Account:
Note: In certain rare cases, a cloud account may have been connected using an old mechanism and needs to be re-onboarded. In this case, you can use the Quick Link to jump to the Get Started page and reconnect the account.

Review Managed Kubernetes

From the Managed Kubernetes tab you can review cluster details and instrument a cluster if needed.

Filtering Actions

You can:

Search by keyword
Filter by platform or account number
Sort by Status, Cluster Name, Account ID, or Region

For un-instrumented clusters detected on an account, the modal under More helps speed the instrumentation process.

Click Instructions to Instrument. The instrumentation popup is displayed, with your access key and cluster-specific data prefilled.
Follow the two-step procedure to generate the kubeconfig and install the agent.
OR
Click Copy Script to Instrument to get both parts in a single script you can deploy.

2 -

Integrate IBM Cloud Pak for Multicloud Management

IBM Cloud Pak for Multicloud Management centralizes visibility, governance, and automation for containerized workloads across clusters and clouds into a single dashboard. One of the key capabilities of the product is the centralization of security findings to help cloud team administrators understand, prioritize, manage and resolve security issues that are related to their cloud applications and workloads.

The integration of Sysdig Secure with IBM Cloud Pak for Multicloud Management extends the depth of security intelligence available with:

Container image vulnerability management and configuration validation
Runtime security with prevention, threat detection, and mitigation
Incident response and forensics
Compliance and audit

Sysdig Secure increases IBM Cloud Pak for Multicloud Management compliance capabilities to help meet regulatory requirements like NIST, PCI, GDPR, or HIPAA. By deploying the products together, users can extend container security to prevent vulnerabilities, stop threats, accelerate incident response, and enable forensics.

The integration involves several components, each of which is installed and configured separately.

Users of IBM Cloud Pak for Multicloud Management can follow the Installation Integration Guide to install and configure:

The Sysdig agent
Event forwarding integration
Single sign-on (SSO) integration via OpenID Connect
Navigation menu shortcut integration

For More Information

Download the Integration Guide
Review the blog entry about Sysdig Secure and IBM Cloud Pak for Multicloud Management Integration