Zones
A zone, in Sysdig, is a collection of scopes that represent important areas of your business. For example, create a zone for your production environment, a staging environment, or a region.
Sysdig provides two zones by default:
- Entire Infrastructure: This is applied to connected data sources. Update the Zone Applied Posture Policies or create a new zone to update findings that are reported on the Compliance page.
- Entire Git: If you have configured IaC scanning with Git integrations to your development pipeline in Git, then the Entire Git zone is automatically applied to those source repositories. You can also create more targeted zones for selected Git sources, if desired.
To use other policies, you must apply them to zones.
Create and Configure a Zone
A completed Zone includes:
- Zone name and description
- Zone scope (the area of business to be included)
- Applied Posture policies (to evaluate the posture for resources in the zone scopes)
Navigate to Policies > Posture | Zones. Click New Zone, enter a zone Name and Description, and click Save.
Define the Scope
Define the Scope by Platform and Scope Attributes.
Supported scope rule attributes for each platform:
Kubernetes
- Distribution (AKS, GKE, EKS, Vanilla Kubernetes)
- Cluster name
- Namespace
- Labels
- Agent Tags
AWS
- Organization
- Account
- Region
- Labels
Azure
- Organization
- Subscription
- Region
- Labels
GCP
- Organization
- Project
- Region
- Labels
Host
- Host Name (for Docker, Linux hosts)
- Cluster
- Agent Tags
Git
- Git integration
- Git source(s)
Supported Operators
Currently, the supported operators are:
- in (list the desired values)
- contains (use a string value)
Values
Auto-complete values are based on resources that were scanned and listed in the Inventory.
Each value field has a limitation of 2048 characters per row. For longer values, consider adding scopes. This could also help with the readability and maintenance of your scopes.
Apply Posture Policies
Use the drop-down list to apply Posture Policies to your zones.
Click Save. The zone will be listed on the Zones list page.
Note that if a posture policy is applied on zones that have no relevant resources to evaluate for that policy, results will not appear on the Compliance page for that posture policy.