Getting Started with Sysdig Secure

Get Started Page (SaaS)

The Get Started page targets the key steps to ensure users are getting the most value out of Sysdig Secure. The page is updated with new steps as users complete tasks and as Sysdig adds new features to the product.


The Get Started page also serves as a linking page for:

  • Documentation

  • Release Notes

  • The Sysdig Blog

  • Self Paced Training

  • Support

Users can access the Get Started page at any time by clicking the rocketship in the side menu.

Connect Your Data Sources

Install the Agent

  • Installing the agent on your infrastructure allows Sysdig to collect data for monitoring and security purposes.

Integrate with the Kubernetes Audit Log

  • The Kubernetes Audit log provides a security-relevant chronological set of records documenting the Kubernetes API activity. By parsing the Kubernetes Audit log we can track user activity, sensitive modifications, and permissions updates. Processing and auditing API logs is key to tracking indicators of compromise within Kubernetes environments, as well as meeting compliance controls.
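To show the kind of tracking described above, here is an added example (not Sysdig's code or rule set) that reads Kubernetes audit events in the `audit.k8s.io/v1` JSON-lines format and labels permission updates, secret reads, pod exec sessions and denied requests. The sample events, user names and the four labels are constructed for illustration.

```python
import json

# Constructed sample events (audit.k8s.io/v1, one JSON object per line); the last line is truncated on purpose.
SAMPLE_LOG = """\
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"RequestReceived","verb":"create","user":{"username":"alice@example.com"},"objectRef":{"resource":"clusterrolebindings","apiGroup":"rbac.authorization.k8s.io","name":"ops-admin"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"create","user":{"username":"alice@example.com"},"objectRef":{"resource":"clusterrolebindings","apiGroup":"rbac.authorization.k8s.io","name":"ops-admin"},"responseStatus":{"code":201}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:default:builder"},"objectRef":{"resource":"secrets","namespace":"kube-system","name":"registry-creds"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"create","user":{"username":"bob@example.com"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"prod","name":"api-0"},"responseStatus":{"code":101}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list","user":{"username":"carol@example.com"},"objectRef":{"resource":"secrets","namespace":"prod"},"responseStatus":{"code":403}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"system:node:worker-1"},"objectRef":{"resource":"nodes","name":"worker-1"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComp
"""

RBAC_RESOURCES = {"roles", "rolebindings", "clusterroles", "clusterrolebindings"}
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection"}

def classify(event):
    """Return an illustrative label for a security-relevant event, or None."""
    ref = event.get("objectRef") or {}
    resource, verb = ref.get("resource"), event.get("verb")
    code = (event.get("responseStatus") or {}).get("code", 0)
    if code == 403:  # authorization failure: who was denied what
        return "denied-request"
    if resource in RBAC_RESOURCES and verb in WRITE_VERBS:
        return "permissions-update"
    if resource == "secrets" and verb in {"get", "list", "watch"}:
        return "secret-read"
    if resource == "pods" and ref.get("subresource") == "exec":
        return "pod-exec"
    return None

def findings(log_text):
    """Parse JSON-lines audit text into (label, username, resource) tuples."""
    out = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupt line: skip it, keep processing
        if event.get("stage") != "ResponseComplete":
            continue  # a request is logged once per stage; count it once
        label = classify(event)
        if label:
            user = (event.get("user") or {}).get("username", "unknown")
            out.append((label, user, event["objectRef"]["resource"]))
    return out

if __name__ == "__main__":
    for finding in findings(SAMPLE_LOG):
        print(finding)
```

Filtering on the `ResponseComplete` stage matters because the API server can record the same request at several stages, and only the later stages carry the response code.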

Secure Your Pipeline

Integrate Scanning into your CI/CD Pipeline

  • By analyzing images locally on the CI/CD worker nodes, the Sysdig Secure inline scanner provides the following key benefits:

    • The ability to shift security left by scanning images before they are pushed to the registries

    • The ability to parallelize and distribute scanning workloads

    • No need to share credentials with Sysdig’s SaaS service or send images to the Sysdig backend to be analyzed.

Set up and Link a Notification Channel

  • Sysdig Secure emits alerts so that users get proactive notification of events, anomalies, or any security incident that requires attention. The alerting system provides out-of-the-box push gateways for regular email, Slack, Cloud-provider notification queues, and custom webhooks, among others.

Set up a Repository Scanning Alert

  • By integrating scan results with any of the notification channels provided by Sysdig, users can swiftly receive actionable updates reporting on the output of the image analysis process. Repository alerts can then be customized using different trigger conditions depending on the registry/repo scope.

Secure Your Runtime Environment

Set up a Runtime Scanning Alert

  • One of the most actionable alerts a user can set up is to detect if an existing runtime image is impacted by newly discovered vulnerabilities. These alerts can be scoped using container and Kubernetes metadata so the right teams are notified as soon as the image falls out of compliance.

Create a Detection Rule

  • Sysdig Secure detects and responds to anomalous runtime activity by leveraging its behavioral detection engine, which is built on top of the open-source project, Falco. Additionally, users can easily create whitelist-based security rules for process execution, file access, and network activity using the basic policy engine.

Access the Sysdig Secure Interface (On-Premises)

To access the Sysdig Secure interface, the Sysdig agent must be installed, and a core admin user must be created during the Welcome Wizard. For installation instructions, refer to the Agent Installation documentation.


Subsequent users must also have user credentials defined, either through Sysdig Secure, or through an integrated authentication tool. For more information on user creation, refer to the User and Team Administration documentation.