Sysdig Sage for Search

Sysdig Sage for Search introduces AI-powered search capabilities to the Sysdig Secure platform. This feature simplifies searching for cloud resources, assets, and security posture findings across multi-cloud and Kubernetes environments.

By leveraging natural language processing (NLP) and SysQL query translation, Sysdig Sage lets you retrieve security insights, inventory data, and compliance findings without needing deep technical knowledge of query languages or cloud security frameworks.

With Sysdig Sage for Search, you can:

  • Search cloud inventory across AWS, GCP, and Azure for resources like EC2 instances, Kubernetes workloads, IAM roles, and S3 buckets.
  • Identify security posture findings including failed controls, vulnerabilities, and compliance violations.
  • Ask questions in natural language while the AI generates SysQL queries automatically.
  • Get contextual insights into query results to simplify investigation and troubleshooting.

Key Features

Sysdig Sage for Search combines two integrated capabilities:

1. Sysdig Sage for Search (SysQL Translation)

Automatically converts natural language questions into structured SysQL queries. This makes the Sysdig inventory more accessible to users with varying levels of expertise.

Key capabilities:

  • Translates questions like "Show my EC2 instances" into executable SysQL.
  • Supports graph-based queries to analyze relationships between cloud and Kubernetes resources.
  • Reduces the SysQL learning curve for security teams, DevOps engineers, and cloud architects.

2. Sysdig Sage for Search (Assistant)

Sysdig Sage for Search (Assistant) enhances SysQL Translation by delivering intelligent interpretation of query results. Rather than simply returning raw data, this assistant does the following:

  • Interprets search results
  • Identifies relationships and maps connections between entities (for example, "Which IAM roles have access to specific S3 buckets?")
  • Allows interactive follow-ups to analyze results (for example, "Show only production resources")

Key capabilities:

  • Explains SysQL query results in plain language
  • Highlights security findings and compliance details for returned resources
  • Enables query refinement through follow-up questions (for example, "Show me only the EC2 instances with critical vulnerabilities.")

By interpreting query results in context, Sysdig Sage for Search (Assistant) bridges the gap between raw security data and actionable insights.

Example Use Cases

  • Inventory search: Count all S3 buckets in us-east-1
  • Risk assessment: List resources with critical vulnerabilities
  • Compliance review: List cloud assets with failing security controls
  • Threat analysis: Which EC2 instances have access to exposed S3 buckets?

Benefits

  • Simplified search: Retrieve cloud assets without writing queries in SysQL
  • Multi-cloud visibility: Unified search across AWS, GCP, and Azure
  • Security insights: Get details on vulnerabilities, misconfigurations, and compliance risks
  • Data analysis: Understand relationships between resources, workloads, and security events
  • AI-powered assistance: Refine searches interactively for deeper investigation

Sysdig Sage for Search combines AI-powered natural language processing with structured query capabilities to make cloud security data more accessible and actionable.