Sysdig Documentation

Sysdig Secure

Sysdig Secure is part of Sysdig’s container intelligence platform. Sysdig uses a unified platform to deliver security, monitoring, and forensics in a container and microservices-friendly architecture. Sysdig Secure takes a services-aware approach to runtime security and forensics and brings together deep container visibility with Docker and Kubernetes integration to block threats more effectively.

In the background, the Sysdig agent lives on the hosts being monitored and collects the appropriate data and events. For more information, see the Sysdig Agent Documentation.

Key Features

  • Presents relevant performance and security data together.

  • Offers image scanning, auditing, and runtime vulnerability management capabilities:

    • Filter and surface vulnerabilities by image, cluster, namespace, host, or any other label

    • Alert on unscanned images, or on images whose evaluation status has changed because new vulnerabilities were found

    • Log user actions, container activity, and command-line arguments

    • Enforce security policies and block attacks

  • Provides compliance for a distributed environment:

    • Easily schedule customized compliance benchmarks to run across hosts, services, or clusters

    • Export compliance results to a SIEM, a logging cluster, or other tools your organization uses

  • Provides runtime detection and data enrichment:

    • Identify and block threats in real time, based on application, container, and network activity

    • Instrument the kernel to track the system calls made by applications, containers, hosts, and network connections

    • View security policy violations grouped by the orchestrated service they occurred in

  • Supports incident response and forensics:

    • Protect distributed, dynamic, and ephemeral services with a single service-level policy that requires no manual per-instance configuration

    • Create detailed system captures for any policy violation or incident, enabling you to act on malicious activity

    • Drill down from a policy violation into full-granularity captures of pre- and post-attack activity

    • View capture (SCAP) files to see all system activity before, during, and after any security event

    • Integrate alerting and incident response
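To make the runtime-detection and commands-audit features above concrete, here is an added example of a toy policy evaluator that applies container-scoped rules to syscall-level events. It is illustration code written for this page, not Sysdig's agent or rule engine. The field names (evt.type, proc.name, proc.cmdline, proc.tty, container.id, user.name, fd.name, fd.sip) follow the sysdig filter vocabulary; the rules, the container id and all event values are constructed for the example.

```python
# Added example: a toy runtime-policy evaluator in the spirit of Sysdig Secure
# policies. Not Sysdig's code. Field names follow the sysdig filter vocabulary
# (evt.type, proc.name, container.id, fd.name, ...); all values are constructed.
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Event = Dict[str, object]


@dataclass(frozen=True)
class Rule:
    name: str
    priority: str                       # severity label attached to a violation
    condition: Callable[[Event], bool]  # predicate over a single event


SHELL_PROCS = {"sh", "bash", "dash", "zsh", "ash"}
CLOUD_METADATA_IP = "169.254.169.254"          # link-local instance metadata service
SENSITIVE_FILES = ("/etc/shadow", "/etc/sudoers")


def in_container(e: Event) -> bool:
    # sysdig reports container.id as "host" for processes outside any container
    return e.get("container.id", "host") != "host"


# One service-level policy: the same rules apply to every container instance,
# so new or ephemeral replicas need no per-instance configuration.
RULES: List[Rule] = [
    Rule("Terminal shell in container", "NOTICE",
         lambda e: e.get("evt.type") == "execve" and in_container(e)
         and e.get("proc.name") in SHELL_PROCS and e.get("proc.tty", 0) != 0),
    Rule("Read sensitive file in container", "WARNING",
         lambda e: e.get("evt.type") == "open" and in_container(e)
         and str(e.get("fd.name", "")) in SENSITIVE_FILES),
    Rule("Container contacts cloud metadata service", "WARNING",
         lambda e: e.get("evt.type") == "connect" and in_container(e)
         and e.get("fd.sip") == CLOUD_METADATA_IP),
]


def evaluate(events: List[Event], rules: List[Rule] = RULES) -> List[Tuple[str, str, Event]]:
    """Apply every rule to every event; return (rule name, priority, event) per violation."""
    hits: List[Tuple[str, str, Event]] = []
    for e in events:
        for r in rules:
            if r.condition(e):
                hits.append((r.name, r.priority, e))
    return hits


def commands_audit(events: List[Event]) -> List[Tuple[str, str, str, str]]:
    """Audit trail of executed commands: (container, user, process, command line) per execve."""
    return [(str(e.get("container.id")), str(e.get("user.name")),
             str(e.get("proc.name")), str(e.get("proc.cmdline")))
            for e in events if e.get("evt.type") == "execve"]


# Constructed sample events for a web-server container: normal serving activity,
# then an interactive shell, a read of /etc/shadow and a metadata-service call.
# The last event is the same shell spawn on the host, which the rules ignore.
SAMPLE_EVENTS: List[Event] = [
    {"evt.type": "execve", "container.id": "3f1c9a2b7d41", "user.name": "www-data",
     "proc.name": "nginx", "proc.cmdline": "nginx -g daemon off;", "proc.tty": 0},
    {"evt.type": "open", "container.id": "3f1c9a2b7d41", "user.name": "www-data",
     "proc.name": "nginx", "fd.name": "/var/log/nginx/access.log"},
    {"evt.type": "execve", "container.id": "3f1c9a2b7d41", "user.name": "root",
     "proc.name": "bash", "proc.cmdline": "bash -i", "proc.tty": 34816},
    {"evt.type": "open", "container.id": "3f1c9a2b7d41", "user.name": "root",
     "proc.name": "cat", "fd.name": "/etc/shadow"},
    {"evt.type": "connect", "container.id": "3f1c9a2b7d41", "user.name": "root",
     "proc.name": "curl", "fd.sip": "169.254.169.254", "fd.sport": 80},
    {"evt.type": "execve", "container.id": "host", "user.name": "admin",
     "proc.name": "bash", "proc.cmdline": "bash", "proc.tty": 34817},
]


if __name__ == "__main__":
    for name, prio, ev in evaluate(SAMPLE_EVENTS):
        print(f"[{prio}] {name}: container={ev['container.id']} "
              f"user={ev['user.name']} proc={ev['proc.name']}")
    print("commands audit:", commands_audit(SAMPLE_EVENTS))
```

The evaluator separates the two things the page lists: the command audit trail records every execve regardless of policy, while violations are produced only by events that match a rule. The host shell spawn shows why container scoping matters: an identical syscall outside a container is not a finding for these rules.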

Key Components

  • Sysdig Secure Interface

    Log into Sysdig Secure and navigate the interface.

  • Policies

    Configure Sysdig Secure policies and rules.

  • Policy Events

    Review the full list of policy violations and drill down into specific events.

  • Commands Audit

    Search through a complete audit trail of executed commands.

  • Captures

    Create capture files containing system calls and other OS events to assist in monitoring and troubleshooting the infrastructure.

  • Image Scanning

    Scan new images, identify vulnerabilities and configure scanning-specific policies.

  • Compliance

    Run Kubernetes and Docker CIS benchmarks against your environment.