Install Rapid Response
Rapid Response team members have access to a full shell from within the Sysdig Secure UI. Responsibility for the security of this powerful feature rests with you, your enterprise, and your designated employees.
See also: Rapid Response.
The Rapid Response agent can be installed via Helm on Kubernetes.
Note: You can also install Rapid Response on a host as a container.
Install Using Using Helm
Prerequisites
- Installed Sysdig Components on Kubernetes using Helm
- Helm v3.8 or above
Deployment Steps
Recommended: Replace
helm install
withhelm upgrade --install
.To enable the Rapid Response component in your existing Sysdig Secure Helm install command, add the following:
--set rapidResponse.enabled=true \ --set rapidResponse.rapidResponse.passphrase=YOUR_SECRET_PASSPHRASE \
For
passphrase
, enter any phrase you want to use.Run the modified command to deploy Sysdig Secure with the Rapid Response component enabled. Designated Advanced Users will now be able to remote connect into a host directly from the Event stream in Sysdig Secure.
Configure Log Storage
In order to save session logs, Rapid Response requires custom storage to be configured.
If you are using the default storage for Capture files, you will need to configure an AWS or custom S3 bucket to store Rapid Response log files after a session. If you have already configured an S3 bucket for Captures, then Rapid Response logs will be routed there automatically, into their own folder.
For SaaS Users with Sysdig Secure Only
Contact Sysdig Support for assistance creating a custom S3 bucket for rapid response logs.
Post-Installation
After Rapid Response is installed, team(s) must be configured to use it.
Troubleshooting
Validate the Rapid Response installation:
- Ensure the host component can reach the Sysdig collector. Its address and port are defined here for SaaS users or provided during the installation for on-prem users.
- Ensure there are no intermediate proxies that could enforce maximum time to live (since sessions could potentially have long durations)
- Ensure that the host component can reach the object storage (S3 bucket) when configured.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.