Investigate

Sysdig Secure Investigate allows you to perform investigations as part of incident response, to trace the origin and consequences of security issues, and to respond swiftly to threats. Use Investigate to discover, understand, and respond to anomalous behavior in your environment.

The Investigate module includes three features:

  • Activity Audit allows you to keep track of commands, connections, and requests made to your Kubernetes API. Activity is presented visually as an interactive graph, and more details are available in the event feed. See Activity Audit for details.

  • Captures allows you to create a snapshot of your environment's activity at a moment in time. This allows you to inspect that activity in detail and uncover rich information. See Captures for details.

  • Rapid Response allows you to connect remotely to a host via a shell and execute the desired commands, reacting to threats as soon as they are noticed. Because of how powerful it is, this feature must be manually enabled. See Rapid Response for details.