Getting Started with Sysdig Secure

Cloud Security Posture Management and Compliance using AWS CIS Benchmmarks

Out-of-the-box CloudTrail threat detections

Fargate/ECR image scanning for up to 250 scans per month

Here you can easily launch a CloudFormation template to connect an AWS account to Sysdig Secure. Be sure to deploy in the AWS account and region you want to secure.

By analyzing images locally on the CI/CD worker nodes, the Sysdig Secure inline scanner provides the following key benefits:

Invite someone in your team to use this Sysdig Secure account. They will receive an email and a user will be created for them. They are automatically assigned to Advanced User role.

Trigger an image scan, based on whatever image scanning options you've enabled.

Sysdig Secure will emit alerts to get proactive notification of events, anomalies, or any security incident that requires attention. The alerting system provides out-of-the-box push gateways for regular email, Slack, Cloud-provider notification queues, and custom webhooks, among others.

By integrating scan results with any of the notification channels provided by Sysdig, users can swiftly receive actionable updates reporting on the output of the image analysis process. Repository alerts can then be customized using different trigger conditions depending on the registry/repo scope.

One of the most actionable alerts a user can set up is to detect if an existing runtime image is impacted by newly discovered vulnerabilities. These alerts can be scoped using container and Kubernetes metadata so the right teams are notified as soon as the image falls out of compliance.

Sysdig Secure detects and responds to anomalous runtime activity by leveraging its behavioral detection engine, which is built on top of the open-source project, Falco. Additionally, users can easily create whitelist-based security rules for process execution, file access, and network activity using the basic policy engine.