Secure Overview

This page is being replaced by the new Home page in Sysdig Secure, as well as the updated Data Sources pages.

The Secure Overview page provides an entry point to Sysdig Secure and a birds-eye view of your assets and their status.

Chart Highlights

The Overview page displays pass/fail results over time, to a maximum of 90 days.

If there are any broken lines in the trend chart, it means there was no data available for that period.

Definitions

  • Build-time images: All the images that have been evaluated by Sysdig Secure.

  • Runtime images: All the images that are being used by running containers in the past few hours

  • Policy Events: The security events generated as a result of policies

Scope

Panels can be scoped by Cluster or Namespace. The scope will update all panels that are displaying run-time data and the corresponding drill-down views.

The panels are affected in the following ways by the scope:

  • Build Time - Images Scanned and Build Time - CVEs Found by Severity (OS and Non-OS):

    Not impacted by this filter.

    When filtered by cluster, a small info icon appears on build time panels showing the results are independent of cluster

  • All other panels get filtered by cluster/namespace (filters both instant data and trend chart).

  • Benchmarks panel: cannot be filtered by namespace.

    When namespace is selected, it will still show the cluster’s data and a small info icon appears on the panel showing the results are independent of namespace.

  • Namespace: disabled when a non-Kubernetes cluster is selected.

  • “Non-k8s” as a cluster selection will show all results that are running outside of the scope of a kubernetes cluster.

Panel Details

The graphs display pass/fail results over time, to a maximum of 90 days. Note that if you have less data (e.g., two days), then only two days will be shown.

Build Time - Images Scanned

Shows the pass/fail status of all the images analyzed by Sysdig Secure.

Donut: shows past 24 hours

Data Collection Details

Duration

Process

Drill-Down

Last 24 hours of data

Data is collected and aggregated every 6 hours.

Example: Suppose the last computation happened at 10 AM. Was: 6 pass, 2 fail. Two new images are added at 12 PM (status = pass). The panel count is updated at 4 PM to 8 pass, 2 fail.

Reports page.

Shows all the images that were added.

In this example, if user drills down at 10 AM, reports page will show 6 pass, 2 fail. At 12 PM, reports page will show 8 pass, 2 fail (may not match overview data). At 4 PM, both reports and overview page will show 8 pass, 2 fail.

Runtime - Images Scanned

Shows the pass/fail status of all runtime images scanned across clusters for the past 1 hour.

Donut: shows last 1-hour snapshot of data

Data Collection Details

Duration

Process

Drill-Down

Last 1-hour snapshot

Shows the runtime images across clusters for the last 1 hour.

Example: Suppose the last computation happened at 10 AM was: 6 pass, 2 fail, 1 unscanned.

Three new runtime images were added at 12 PM (2 fail, 1 unscanned). The panel count is updated at 4 PM and shows as 6 pass, 3 fail, 2 unscanned.

Runtime Scanning Image page.

Note: Though the count usually matches between the overview panel and the runtime image page, it may not always match. Reason: The overview runtime panel aggregates data for the last hour of data (10.30 - 11.30), but the runtime scanning page shows the snapshot for the last hour (10.00 - 11.00).

Runtime - Policy Events by Severity

Shows the events in Sysdig Secure over the past 24 hours, sorted by high, medium, low, and information levels of severity.

Donut: shows past 24 hours of data

Data Collection Details

Duration

Process

Drill-Down

Last 24 hours of data

Data is collected and aggregated every 6 hours.

Example: suppose the last computation happened at 10 AM. Was: 10 high, 4 medium, 7 low, 2 info. Four new events were triggered at 12 PM (2 high, 2 info). The panel count is updated at 4PM and shows 12 high, 4 medium, 7 low, 4 info.

Events page

Note: The Events page shows all events that were triggered.

Build Time - CVEs Found by Severity (OS and non-OS)

Shows the Common Vulnerabilities and Exposures detected over the past 24 hours, sorted by high, medium, low, and information levels of severity.

Donut: shows last 24 hours of data

Data Collection Details

Duration

Process

Drill-Down

Past 24 hours of data

Data is collected and aggregated every 6 hours.

Example: suppose the last computation happened at 10 AM. Was: 10 critical, 4 high, 7 medium, 2 low. Two new images with vulnerabilities were added at 12 PM (OS Vuln: 2 high, 2 low; Non OS vuln: 3 Critical, 1 high). The panel count is updated at 4 PM and shows as 13 Critical, 7 high, 7 medium, 3 low.

No drilldown yet. To be added.

Runtime - CVEs Found by Severity (OS and non-OS)

Shows the Common Vulnerabilities and Exposures detected for runtime images across clusters for the last 1 hour.

Donut: shows 1-hour snapshot

Data Collection Details

Duration

Process

Drill-Down

Last 1-hour snapshot

Shows CVEs for runtime images across clusters for the last 1 hour.

Example: suppose the last computation happened at 10 AM. Was: 10 critical, 4 high, 7 medium, 2 low. Two new images with vulnerabilities were added at 12 PM (OS Vuln: 2 high, 2 low; Non OS vuln: 3 Critical, 1 high). The panel count is updated at 4 PM and shows as 13 Critical, 7 high, 7 medium, 3 low.

No drilldown yet. To be added.