Policies

Sysdig uses policies to generate events based on data collected from cloud environments. These policies provide visibility into system behavior, enabling you to understand potential risks and take proactive measures. Policies provide actionable insights for maintaining a robust and secure infrastructure.

Key Features

Sysdig Secure Policies provide the following benefits:

  • Visibility and understanding - The policies offer visibility into the security and integrity of cloud environments. They help you understand the behavior of your systems and identify potential threats.
  • Actionable information - Sysdig Secure policies generate events based on real-time data, providing actionable information. You can leverage these events to take prompt and informed actions to mitigate risks.
  • Built-in policies - Sysdig Secure provides a range of built-in policies that offer immediate value. These pre-configured policies are designed to address common security and integrity concerns in cloud environments.
  • Customization - You can fine-tune the behavior of built-in policies to align them with your specific requirements. You have the flexibility to change default configurations, enable or disable policies, and create new ones tailored to your environment.

Uses

You can use Sysdig Secure Policies to:

  • Evaluate built-in policies and identify areas that need customization.
  • Modify policy configurations to align with your organizational needs.
  • Enable or disable policies based on their relevance and impact on your environment.
  • Create brand new policies that address specific security concerns unique to your environment.

You can optionally use the following tools to automate policy creation:

Topics in This Section

Threat Detection Policies

Sysdig Secure manages Runtime Threat Detection through policies. These policies consist of rules to detect and respond to suspicious activity in your environments. This page outlines the concepts needed to use Threat Detection Policies.

Vulnerability Policies

Vulnerability policies are designed to identify and address pipeline, runtime, and host vulnerabilities and other image risks out of the box, accompanied by relevant rule bundles.

Posture Policies

Sysdig Posture Policies allow you to configure what Compliance evaluates, in the context of compliance standards such as the Center for Internet Security (CIS) and the National Institute of Standards and Technology (NIST). This page provides the conceptual background needed to create, edit, and apply compliance policies in your own environment.

Risk Acceptance

You can accept the risk of detected vulnerabilities and posture/compliance violations. This topic describes how to use the Risk Acceptance page to collate and manage accepted risks.

Install Falco Rules On-Premises (Legacy)

Periodically, Sysdig releases new Falco Rules that provide additional coverage for new behaviors, and adds exceptions for known good behaviors. The rules installer is included by default in on-prem installations 6.x and up. If you are using an earlier version, you can install Falco Rules as a container in on-prem deployments.

Profiling

Image profiling in Sysdig enhances the data collection capabilities of the Sysdig agent and is a building block for Machine Learning policies and Risk Spotlight.

Zones

A zone, in Sysdig, is a collection of scopes that represent important areas of your business. For example, you can create a zone for your production environment, a staging environment, or a region.