Investigate
With Sysdig Secure On-Premises v4.0, an optional feature called Rapid Response has been introduced. It enables designated users to connect remotely to a host from within the Sysdig Secure interface. For on-prem users who enable this functionality, the menu options differ from earlier versions and from the SaaS version. This section describes those options and changes.
With Sysdig Secure SaaS (June, 2021), the Activity Audit and Capture modules have been moved into Investigate.
On-Prem Overview
If Sysdig Secure On-Prem v.4.0.0 is installed and the Rapid Response feature flag has been enabled by Sysdig Support, the following differences will appear in the Sysdig Secure UI for designated users:
Left navigation: Captures is replaced by Investigate. The Captures feature is now a subset of the Investigate module, along with the new Rapid Response feature.
Rapid Response pages: Accessed from the Investigate module, the Start Session and Session Log pages have been added. See Rapid Response for details.
SaaS Overview
Activity Audit and Captures features are now both subsets of the Investigate module. See also: June 9, 2021.
Activity Audit
Activity Audit surveils interactive commands, established connections, file activities, and kube exec requests to the Kubernetes API. This makes them searchable and indexed against your cloud-native assets.
Captures
In Sysdig Secure, you can configure policies to auto-create capture files in case of an event, or you can create captures manually.