Getting Started with Sysdig Secure

Get Started Page (SaaS)

The Get Started page targets the key steps to ensure users are getting the most value out of Sysdig Secure. The page is updated with new steps as users complete tasks and as Sysdig adds new features to the product.

[Screenshot: Get Started page (Onboarding_Screenshot.png)]

The Get Started page also serves as a linking page for

  • Documentation

  • Release Notes

  • The Sysdig Blog

  • Self Paced Training

  • Support

Users can return to the Get Started page at any time by clicking the rocket ship icon in the side menu.

Connect Your Data Sources

Install the Agent

  • Installing the agent on your infrastructure allows Sysdig to collect data for monitoring and security purposes.

Integrate with the Kubernetes Audit Log

  • The Kubernetes Audit log provides a security-relevant chronological set of records documenting the Kubernetes API activity. By parsing the Kubernetes Audit log we can track user activity, sensitive modifications, and permissions updates. Processing and auditing API logs is key to tracking indicators of compromise within Kubernetes environments, as well as meeting compliance controls.
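As an added illustration of the parsing described above (this is example code written for this page, not part of Sysdig Secure or its agent), the following script reads audit events in the audit.k8s.io/v1 JSON-lines shape and flags the three classes of activity the paragraph mentions: permission updates (mutating calls on RBAC objects), sensitive access (reads of Secrets) and interactive user activity (pod exec/attach). The sample events, the category names and the thresholds are constructed for this example; a real audit log contains many more fields and stages.

```python
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample events in the audit.k8s.io/v1 shape, trimmed to the fields used below.
SAMPLE_AUDIT_LINES: List[str] = [
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:kube-system:coredns"},"objectRef":{"resource":"endpoints","namespace":"kube-system","name":"kube-dns"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2024-01-01T10:00:00.000000Z"}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","stage":"ResponseComplete","verb":"create","user":{"username":"alice@example.com"},"objectRef":{"resource":"clusterrolebindings","apiGroup":"rbac.authorization.k8s.io","name":"alice-admin"},"responseStatus":{"code":201},"requestReceivedTimestamp":"2024-01-01T10:01:00.000000Z"}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","stage":"ResponseComplete","verb":"list","user":{"username":"system:serviceaccount:default:web"},"objectRef":{"resource":"secrets","namespace":"payments"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2024-01-01T10:02:00.000000Z"}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","stage":"ResponseComplete","verb":"create","user":{"username":"bob@example.com"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"payments","name":"api-7c9f"},"responseStatus":{"code":101},"requestReceivedTimestamp":"2024-01-01T10:03:00.000000Z"}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","stage":"ResponseComplete","verb":"get","user":{"username":"alice@example.com"},"objectRef":{"resource":"secrets","namespace":"payments","name":"db-creds"},"responseStatus":{"code":403},"requestReceivedTimestamp":"2024-01-01T10:04:00.000000Z"}',
]

# Resource and verb sets chosen for this example; tune them to the cluster's own policy.
RBAC_RESOURCES = {"roles", "clusterroles", "rolebindings", "clusterrolebindings"}
MUTATING_VERBS = {"create", "update", "patch", "delete", "deletecollection"}
READ_VERBS = {"get", "list", "watch"}


@dataclass
class Finding:
    category: str          # "rbac_change", "secret_access" or "pod_exec"
    user: str
    verb: str
    resource: str
    namespace: Optional[str]
    name: Optional[str]
    timestamp: str
    denied: bool           # True when the API server rejected the call (401/403)


def classify(event: dict) -> Optional[str]:
    """Return the finding category for one audit event, or None if it is routine traffic."""
    ref = event.get("objectRef") or {}
    resource = ref.get("resource", "")
    verb = event.get("verb", "")
    if resource in RBAC_RESOURCES and verb in MUTATING_VERBS:
        return "rbac_change"
    if resource == "secrets" and verb in READ_VERBS:
        return "secret_access"
    if resource == "pods" and ref.get("subresource") in {"exec", "attach"}:
        return "pod_exec"
    return None


def audit_findings(lines: Iterable[str]) -> List[Finding]:
    """Parse JSON-lines audit events and return the security-relevant ones in log order."""
    findings: List[Finding] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a malformed line instead of aborting the whole batch
        # A request is logged at several stages; only ResponseComplete carries the response code,
        # so filtering on it also avoids counting the same request twice.
        if event.get("stage") != "ResponseComplete":
            continue
        category = classify(event)
        if category is None:
            continue
        ref = event.get("objectRef") or {}
        code = (event.get("responseStatus") or {}).get("code", 0)
        findings.append(Finding(
            category=category,
            user=(event.get("user") or {}).get("username", "<unknown>"),
            verb=event.get("verb", ""),
            resource=ref.get("resource", ""),
            namespace=ref.get("namespace"),
            name=ref.get("name"),
            timestamp=event.get("requestReceivedTimestamp", ""),
            denied=code in (401, 403),
        ))
    return findings


if __name__ == "__main__":
    for f in audit_findings(SAMPLE_AUDIT_LINES):
        status = "DENIED" if f.denied else "allowed"
        print(f"{f.timestamp} {f.category:14} {f.user} {f.verb} "
              f"{f.resource}/{f.name or '*'} ns={f.namespace or '-'} {status}")
```

Denied calls are kept rather than dropped: a 403 on a Secret read is still a signal worth reviewing, which is why the `denied` flag is carried on the finding instead of used as a filter. The CoreDNS endpoints read in the sample is deliberately routine and produces no finding.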

Secure Your Pipeline

Integrate Scanning into your CI/CD Pipeline

  • By analyzing images locally on the CI/CD worker nodes, the Sysdig Secure inline scanner provides the following key benefits:

    • The ability to shift security left by scanning images before they are pushed to the registries

    • The ability to parallelize and distribute scanning workloads

    • No need to share credentials with Sysdig’s SaaS service or send images to the Sysdig backend to be analyzed.

Set up and Link a Notification Channel

  • Sysdig Secure emits alerts to give proactive notification of events, anomalies, or any security incident that requires attention. The alerting system provides out-of-the-box push gateways for email, Slack, cloud-provider notification queues, and custom webhooks, among others.

Set up a Repository Scanning Alert

  • By integrating scan results with any of the notification channels provided by Sysdig, users can swiftly receive actionable updates reporting on the output of the image analysis process. Repository alerts can then be customized using different trigger conditions depending on the registry/repo scope.

Secure Your Runtime Environment

Set up a Runtime Scanning Alert

  • One of the most actionable alerts a user can set up is to detect if an existing runtime image is impacted by newly discovered vulnerabilities. These alerts can be scoped using container and Kubernetes metadata so the right teams are notified as soon as the image falls out of compliance.

Create a Detection Rule

  • Sysdig Secure detects and responds to anomalous runtime activity by leveraging its behavioral detection engine, which is built on top of the open-source Falco project. Additionally, users can easily create whitelist-based security rules for process execution, file access, and network activity using the basic policy engine.

Basic Onboarding

This section describes onboarding tips for Sysdig Secure (on-premises).

Access the Sysdig Secure Interface

To access the Sysdig Secure interface, the Sysdig agent must be installed, and a core admin user must be created during the Welcome Wizard. For installation instructions, refer to the Agent Installation documentation.

Note

Subsequent users must also have user credentials defined, either through Sysdig Secure, or through an integrated authentication tool. For more information on user creation, refer to the User and Team Administration documentation.

Explore the Sysdig Secure Interface

The Sysdig Secure UI comprises the following modules:

[Screenshot: Sysdig Secure landing page showing the modules (Secure_landing.png)]

There are a couple of potential starting points, depending on preferred workflow, and whether the Sysdig Secure implementation or the user is new:

  • For new Sysdig Secure environments, navigate to the Policies module to start configuring the policies and rules required for the environment.

  • For new Sysdig Secure users, navigate to the Policy Events module to review the current state of the environment.