With Sysdig Secure On-Premises v4.0, an optional feature has been introduced called Rapid Response. It enables designated users to remote connect into a host from within the Sysdig Secure interface. For on-prem users who enable this functionality, their menu options will differ from earlier versions and from the SaaS version. This section describes those options and changes.

With Sysdig Secure SaaS (June, 2021), the Activity Audit and Capture modules have been moved into Investigate.

On-Prem Overview

If Sysdig Secure On-Prem v.4.0.0 is installed and the Rapid Response feature flag has been enabled by Sysdig Support, the following differences will appear in the Sysdig Secure UI for designated users:

  • Left navigation: Captures is replaced by Investigate

    The Captures feature is now a subset of the Investigate module, along with the new Rapid Response feature.

  • Rapid Response pages: Accessed from the Investigate module, the Start Session and Session Log pages have been added. See Rapid Response for details.

SaaS Overview

Activity Audit and Captures features are now both subsets of the Investigate module. See also: June 9, 2021.

Topics in This Section
Activity Audit

Activity Audit surveils interactive commands, established connections, file activities, and kube exec requests to the Kubernetes API. This makes them searchable and indexed against your cloud-native assets.


In Sysdig Secure, you can configure policies to auto-create capture files in case of an event, or you can create captures manually.

Rapid Response