Sysdig Sage for CDR

Sysdig Sage provides AI-powered capabilities to our Cloud Detection and Response (CDR) features. You can ask questions in plain language about your runtime events from the Events Feed. Sysdig Sage summarizes security events, provides insights into specific events, and offers context-aware recommendations based on the events it observes.

Sysdig Sage for Cloud Detection and Response (CDR) primarily targets users working in security operations responsible for incident response and forensics. It helps you reduce response time and speed up investigations. For example, Sysdig Sage for CDR can:

  • Explain command lines
  • Explain rules
  • Interpret data
  • Suggest areas to investigate for a particular issue
  • Recommend next steps

Sysdig Sage’s multi-level conversation works at two levels:

  • Summarization: Offers top statistics for runtime security events based on various groupings such as policy name, rule, event type, severity, and more.
  • Explainability: Provides in-depth information about specific security events.

Example Prompts

Prompts:
  • What are the most critical events on my cloud infrastructure?
  • What are my noisiest rules?
  • Which containers are generating the most events?
  • What are my top 3 high severity events?
  • How many events do I have for each severity?
Value: Sysdig Sage can help you quickly summarize events on the Events Feed UI instead of analyzing them one by one.

Prompts:
  • What process generated the selected runtime event?
  • Help me understand the selected runtime event
  • Explain the rule that generated the selected runtime event
Value: Sysdig Sage is context aware. For example, Sysdig Sage is aware of the process that generated the selected runtime event. Sysdig Sage reduces analysis time to a few seconds and gets you to the core concepts of the event.

Prompts:
  • Can you explain the command line option in this event?
Value: Sysdig Sage gets you the right context with rich information and explanations. You no longer need to leave Sysdig Secure and search on the Internet.

Prompts:
  • What cloud users are associated with runtime events?
  • What users are associated with critical events?
Value: Sysdig Sage gives you insight into the users who are associated with a selected event.
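The summarization groupings described under "Summarization" above (policy name, rule, event type, severity) and the first group of prompts in the table (noisiest rules, busiest containers, top high-severity events, counts per severity, users on critical events) are plain aggregations over the Events Feed. The following is an added example, not Sysdig code: the event records are constructed inline, and the field names and the severity scale are assumptions that only approximate what an Events Feed entry carries.

```python
"""Reproduce the event summaries the Sysdig Sage prompts ask for, over a
constructed set of runtime and cloud security events.  Field names and the
severity scale are assumed; they are not the Sysdig Events Feed schema."""
from collections import Counter

# Assumed ordering of severity labels, used to pick the "top" events.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Info": 0}

# Constructed sample events shaped roughly like policy events in the feed.
SAMPLE_EVENTS = [
    {"policy": "Runtime Threat Detection", "rule": "Terminal shell in container",
     "type": "runtime", "severity": "High", "container": "api-7f9c",
     "user": "alice", "cmdline": "bash -i"},
    {"policy": "Runtime Threat Detection", "rule": "Terminal shell in container",
     "type": "runtime", "severity": "High", "container": "api-7f9c",
     "user": "alice", "cmdline": "sh"},
    {"policy": "Runtime Notable Events", "rule": "Write below etc",
     "type": "runtime", "severity": "Critical", "container": "worker-12ab",
     "user": "root", "cmdline": "tee /etc/crontab"},
    {"policy": "Runtime Notable Events", "rule": "Read sensitive file untrusted",
     "type": "runtime", "severity": "Medium", "container": "api-7f9c",
     "user": "bob", "cmdline": "cat /etc/shadow"},
    {"policy": "Runtime Threat Detection",
     "rule": "Launch Package Management Process in Container",
     "type": "runtime", "severity": "Low", "container": "worker-12ab",
     "user": "root", "cmdline": "apt-get install curl"},
    {"policy": "Cloud Best Practices", "rule": "Console Login Without MFA",
     "type": "cloud", "severity": "High", "container": None,
     "user": "carol", "cmdline": None},
]


def count_by(events, field, top=None):
    """[(value, count), ...] for `field`, most frequent first, ties by name.
    Events with no value for the field (e.g. cloud events have no container)
    are skipped rather than counted under None."""
    counts = Counter(e[field] for e in events if e.get(field) is not None)
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], str(kv[0])))
    return ranked[:top] if top else ranked


def noisiest_rules(events, top=3):
    """'What are my noisiest rules?'"""
    return count_by(events, "rule", top)


def events_per_severity(events):
    """'How many events do I have for each severity?' Zero-filled and ordered
    from most to least severe so quiet levels are still visible."""
    counts = Counter(e["severity"] for e in events)
    order = sorted(SEVERITY_RANK, key=SEVERITY_RANK.get, reverse=True)
    return {sev: counts.get(sev, 0) for sev in order}


def top_events(events, n=3, at_least="High"):
    """'What are my top 3 high severity events?' Most severe first, ties
    broken by rule name so the result is deterministic."""
    floor = SEVERITY_RANK[at_least]
    eligible = [e for e in events if SEVERITY_RANK[e["severity"]] >= floor]
    eligible.sort(key=lambda e: (-SEVERITY_RANK[e["severity"]], e["rule"]))
    return eligible[:n]


def users_for(events, at_least="High"):
    """'What users are associated with critical events?' Distinct users on
    events at or above a severity, with how many such events each has."""
    floor = SEVERITY_RANK[at_least]
    return count_by(
        [e for e in events if SEVERITY_RANK[e["severity"]] >= floor], "user")


def summarize(events):
    """One dictionary answering the summarization prompts in the table."""
    return {
        "per_severity": events_per_severity(events),
        "per_policy": count_by(events, "policy"),
        "per_type": count_by(events, "type"),
        "noisiest_rules": noisiest_rules(events),
        "busiest_containers": count_by(events, "container", top=3),
        "top_high_severity": [(e["severity"], e["rule"], e["container"])
                              for e in top_events(events)],
        "users_on_critical": users_for(events, "Critical"),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_EVENTS), indent=2))
```

Each function maps to one prompt from the table, so the output of `summarize` is the same set of statistics the assistant would present; the difference is that here the grouping fields and severity ordering are explicit and reviewable, which is useful when checking an AI-generated summary against the raw feed.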