Getting Started with Sysdig Secure
Get Started Page (SaaS)
The Get Started page targets the key steps to ensure users are getting the most value out of Sysdig Secure. The page is updated with new steps as users complete tasks and as Sysdig adds new features to the product.

The Get Started page also serves as a linking page for:
- Documentation
- Release Notes
- The Sysdig Blog
- Self Paced Training
- Support
Users can access the Get Started page at any time by clicking the rocketship in the side menu.
Connect Your Data Sources
Install the Agent
Installing the agent on your infrastructure allows Sysdig to collect data for monitoring and security purposes.
Integrate with the Kubernetes Audit Log
The Kubernetes Audit log provides a security-relevant chronological set of records documenting the Kubernetes API activity. By parsing the Kubernetes Audit log we can track user activity, sensitive modifications, and permissions updates. Processing and auditing API logs is key to tracking indicators of compromise within Kubernetes environments, as well as meeting compliance controls.
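The kind of parsing described above, as an added example (not Sysdig's code): it reads Kubernetes audit events in the `audit.k8s.io/v1` JSON-lines format, counts requests per user, and flags RBAC changes, secret modifications and denied requests. The category labels, the `_ev` helper and the sample events are constructed for illustration.

```python
import json
from collections import Counter

WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection"}
RBAC_GROUP = "rbac.authorization.k8s.io"

def classify(event):
    """Label one audit event; the categories are this example's, not Sysdig's."""
    ref = event.get("objectRef") or {}
    code = (event.get("responseStatus") or {}).get("code", 0)
    if code == 403:
        return ["denied"]                      # authorization failure
    if event.get("verb") not in WRITE_VERBS or code >= 400:
        return []                              # a read, or a write that did not succeed
    labels = ["permissions-update"] if ref.get("apiGroup") == RBAC_GROUP else []
    if ref.get("resource") == "secrets":
        labels.append("sensitive-modification")
    return labels

def analyze(log_text):
    """Parse a JSON-lines audit log -> (requests per user, findings, skipped lines)."""
    activity, findings, skipped = Counter(), [], 0
    for line in filter(str.strip, log_text.splitlines()):
        try:
            ev = json.loads(line)
            stage = ev["stage"]
        except (ValueError, TypeError, KeyError):
            skipped += 1                       # truncated or non-event line
            continue
        if stage != "ResponseComplete":
            continue                           # one request is logged at several stages
        user = (ev.get("user") or {}).get("username", "<unknown>")
        ref = ev.get("objectRef") or {}
        activity[user] += 1
        findings += [(l, user, ev.get("verb"), ref.get("resource"), ref.get("name")) for l in classify(ev)]
    return activity, findings, skipped

# Hypothetical helper that builds one constructed audit.k8s.io/v1 event line.
def _ev(user, verb, resource, name, group="", code=200, stage="ResponseComplete"):
    return json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": stage, "verb": verb,
                       "user": {"username": user}, "responseStatus": {"code": code},
                       "objectRef": {"apiGroup": group, "resource": resource, "name": name}})

SAMPLE_LOG = "\n".join([                       # constructed events, not real logs
    _ev("alice", "get", "pods", "web-1"),
    _ev("alice", "create", "clusterrolebindings", "ops-admin", RBAC_GROUP, stage="RequestReceived"),
    _ev("alice", "create", "clusterrolebindings", "ops-admin", RBAC_GROUP, code=201),
    _ev("system:serviceaccount:ci:builder", "patch", "secrets", "db-creds"),
    _ev("bob", "delete", "roles", "auditor", RBAC_GROUP, code=403),
    '{"kind": "Event", "stage": ',             # constructed truncated line
])
```

Calling `analyze(SAMPLE_LOG)` returns the per-user request counts, the list of findings, and the number of lines that could not be parsed.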
Secure Your Pipeline
Integrate Scanning into your CI/CD Pipeline
By analyzing images locally on the CI/CD worker nodes, the Sysdig Secure inline scanner provides the following key benefits:
- The ability to shift security left by scanning images before they are pushed to the registries
- The ability to parallelize and distribute scanning workloads
- No need to share credentials with Sysdig’s SaaS service or send images to the Sysdig backend to be analyzed
Set up and Link a Notification Channel
Sysdig Secure emits alerts so that users receive proactive notification of events, anomalies, or any security incident that requires attention. The alerting system provides out-of-the-box push gateways for regular email, Slack, Cloud-provider notification queues, and custom webhooks, among others.
Set up a Repository Scanning Alert
By integrating scan results with any of the notification channels provided by Sysdig, users can swiftly receive actionable updates reporting on the output of the image analysis process. Repository alerts can then be customized using different trigger conditions depending on the registry/repo scope.
Secure Your Runtime Environment
Set up a Runtime Scanning Alert
One of the most actionable alerts a user can set up is to detect if an existing runtime image is impacted by newly discovered vulnerabilities. These alerts can be scoped using container and Kubernetes metadata so the right teams are notified as soon as the image falls out of compliance.
Create a Detection Rule
Sysdig Secure detects and responds to anomalous runtime activity by leveraging its behavioral detection engine, which is built on top of the open-source project, Falco. Additionally, users can easily create whitelist-based security rules for process execution, file access, and network activity using the basic policy engine.
Access the Sysdig Secure Interface (On-Premises)
To access the Sysdig Secure interface, the Sysdig agent must be installed, and a core admin user must be created during the Welcome Wizard. For installation instructions, refer to the Agent Installation documentation.
Note
Subsequent users must also have user credentials defined, either through Sysdig Secure, or through an integrated authentication tool. For more information on user creation, refer to the User and Team Administration documentation.