With Sysdig Secure On-Premises v4.0, an optional feature has been introduced called Rapid Response. It enables designated users to remote connect into a host from within the Sysdig Secure interface. For on-prem users who enable this functionality, their menu options will differ from earlier versions and from the SaaS version. This section describes those options and changes.
With Sysdig Secure SaaS (June, 2021), the Activity Audit and Capture modules have been moved into Investigate.
If Sysdig Secure On-Prem v.4.0.0 is installed and the Rapid Response feature flag has been enabled by Sysdig Support, the following differences will appear in the Sysdig Secure UI for designated users:
Capturesis replaced by
Rapid Response pages: Accessed from the Investigate module, the
Session Logpages have been added. See Rapid Response for details.
Activity Audit surveils interactive commands, established connections, file activities, and
kube exec requests to the Kubernetes API. This makes them searchable and indexed against your cloud-native assets.
In Sysdig Secure, you can configure policies to auto-create capture files in case of an event, or you can create captures manually.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.