Zones

A zone, in Sysdig, is a collection of scopes that represent important areas of your business. For example, you can create a zone for your production environment, a staging environment, or a region.

Sysdig provides two zones by default:

  • Entire Infrastructure: This applies to connected data sources. Update the Zone Applied Posture Policies or create a new zone to update findings that are reported on the Compliance page.
  • Entire Git: If you have configured Infrastructure as Code (IaC) scanning with Git integrations in your development pipeline, the Entire Git zone is automatically applied to those source repositories. You can also create more targeted zones for selected Git sources.

You can create more Zones to suit your organization’s needs.

Create and Configure a Zone

A completed Zone includes:

  • Zone name and description
  • Zone scope (the area of business to be included)
  • Optional: Applied Posture policies (to evaluate the posture for resources in the zone scopes)

To create a Zone:

  1. Log in to Sysdig Secure, and navigate to Policies > Zones.

  2. Click New Zone.

  3. Enter a Name and Description.

  4. Click Save.

Define the Scope

Once the Zone is created, the Zone Configuration page opens.

The following details can be configured:

  • Main Info: Edit the Name and Description if you wish.

  • Scopes: Click Add Scope to select from the available platforms and specify which attributes to include.

Using the Region scope may show users more data on the Posture > Identity Management pages than the Zone defines.

Supported scope rule attributes vary according to platform:

AWS

  • Organization
  • Account
  • Region
  • Labels

Azure

  • Organization
  • Subscription
  • Region
  • Labels

GCP

  • Organization
  • Project
  • Region
  • Labels

Host

  • Host Name (for Docker, Linux hosts)
  • Cluster
  • Agent Tags

Kubernetes

  • Distribution (AKS, GKE, EKS, Vanilla Kubernetes)
  • Cluster name
  • Namespace
  • Labels
  • Agent Tags

Git

  • Git integration
  • Git source(s)

Use Operators and Values

After the attribute, you can use operators and values.

Sysdig supports two operators:

  • in:
    • Matches exact values. Use this to scope specific cluster names.
    • For example, defining a scope, Cluster + in + prd, will only match the cluster prd, if it exists.
    • You can match multiple values. For example, use the scope, Cluster + in + prd + demo, to include the clusters prd and demo.
  • contains:
    • Matches a value inside a string. Use this to scope cluster names containing a given value.
    • For example, defining a scope, Cluster + contains + prd, will include clusters such as myApp-prd, prd1, and prd-sysdig.

After the operator, select a value. Each value field is limited to 2048 characters per row. For longer values, consider adding more scopes, which also improves the readability and maintainability of your scopes.

Auto-complete values will be based on resources that were scanned and listed in the Inventory.
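
The following added example (not Sysdig code and not a Sysdig API) models the in and contains semantics described above, so you can preview which cluster names a scope rule would select and spot substring over-matches before saving a zone. The names ScopeRule, preview, and unexpected are hypothetical, and the inventory is constructed. Assumptions: matching is case-sensitive, multiple contains values are OR-ed like multiple in values, and the 2048-character limit is checked per value.

```python
from dataclasses import dataclass

MAX_VALUE_CHARS = 2048  # per-row value limit stated on this page


@dataclass(frozen=True)
class ScopeRule:
    attribute: str   # e.g. "Cluster"
    operator: str    # "in" or "contains"
    values: tuple    # one or more values, OR-ed together (assumption for contains)


def validate(rule):
    if rule.operator not in ("in", "contains"):
        raise ValueError(f"unsupported operator: {rule.operator!r}")
    if not rule.values or any(v == "" for v in rule.values):
        # In this model an empty 'contains' value would match every resource.
        raise ValueError("scope rule needs at least one non-empty value")
    if any(len(v) > MAX_VALUE_CHARS for v in rule.values):  # assumption: per value
        raise ValueError("value exceeds 2048 characters; split into more scopes")


def preview(rule, inventory):
    """Return the attribute values in `inventory` that `rule` would select."""
    validate(rule)
    hits = []
    for resource in inventory:
        actual = resource.get(rule.attribute)
        if actual is None:
            continue
        if rule.operator == "in":
            ok = actual in rule.values                  # exact match
        else:
            ok = any(v in actual for v in rule.values)  # substring match
        if ok:
            hits.append(actual)
    return hits


def unexpected(rule, inventory, intended):
    """Resources the rule selects that the zone owner did not intend."""
    return [name for name in preview(rule, inventory) if name not in intended]


# Constructed inventory: cluster names from the page plus one look-alike.
INVENTORY = [{"Cluster": n} for n in
             ("prd", "demo", "myApp-prd", "prd1", "prd-sysdig", "nonprd-sandbox")]

if __name__ == "__main__":
    rule = ScopeRule("Cluster", "contains", ("prd",))
    print(unexpected(rule, INVENTORY, {"prd", "myApp-prd", "prd1", "prd-sysdig"}))
```

Here the contains rule also selects nonprd-sandbox, a non-production cluster that would silently join a production zone; the equivalent in rule with explicit names does not.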

Apply Posture Policies

Use the drop-down list to apply Posture Policies to your zones.

If a posture policy is applied to zones that have no relevant resources to evaluate for that policy, results will not appear on the Compliance page for that posture policy.

Complete Configuration

Once you’ve configured the Zone’s main info, added scopes, and applied Posture Policies, click Save.

The zone will be listed on the Zones list page.