Zones
A zone, in Sysdig, is a collection of scopes that represent important areas of your business. For example, create a zone for your production environment, a staging environment, or a region.
By default, the Entire Infrastructure zone is created by Sysdig. For Risk and Compliance evaluation, CIS policies and the Sysdig Kubernetes policy are automatically applied to the Entire Infrastructure zone, and the findings are reported on the Compliance landing page.
To use other policies, you must apply them to zones.
Create and Configure a Zone
A completed Zone includes:
- Zone name and description
- Zone scope (the area of business to be included)
- Applied policies
Navigate to Policies > Risk and Compliance > Zones.
Click New Zone, enter a zone Name and Description, and click Save.
Define the Scope
Define the Scope by Platform and Scope Attributes.
Supported scope rules for each platform:
Kubernetes
- Distribution (AKS, GKE, EKS, Vanilla Kubernetes)
- Cluster name
- Namespace
- Labels
AWS
- Organization
- Account
- Region
- Labels
Azure
- Organization
- Subscription
- Region
- Labels
GCP
- Organization
- Project
- Region
- Labels
- Host (for Docker, Linux hosts)
- Cluster
Apply Policies
Select one or more policies from the drop-down list.
Click Save. The zone will be listed with the Platform and number of applied policies on the Zones list page.
Note that if a policy is applied on zones that have no relevant resources to evaluate for that policy, results will not appear on the Compliance page.