Sysdig Sage for Threats

Sysdig Sage for Threats is an enhancement to the existing Threats feature. It enriches the Threats experience with an AI-powered assistant.
Sysdig Sage for Threats primarily targets users investigating runtime threats within their infrastructure. It helps you understand the impact of threats and guides investigations by connecting related events, rules, and contextual data.

For example, Sysdig Sage for Threats can:
- Expand threat details with clear summaries of active threats
- Identify the specific threat you are investigating
- Surface related runtime events, rules, and impacted resources
- Provide contextual data to guide your investigation
- Recommend next steps to accelerate remediation

Example Prompts

PROMPT | VALUE |
---|---|
Summarize the latest threats<br>Tell me more about this threat | Sysdig Sage can generate a title and summary of active threats and provide details from the Threats UI (Rules, Events, Resources tabs). |
What threat is this runtime event associated with? | Sysdig Sage can identify whether a runtime event belongs to a threat and provide a direct link to that threat, reducing investigation time. |
Show me more details about this threat<br>Expand event details | Sysdig Sage allows you to expand threat or event information directly in the UI, surfacing deeper insights into rules, impacted resources, or attack patterns. |
What runtime events are associated with this threat? | Sysdig Sage can retrieve and display a list of events tied to a selected threat, with direct navigation to each one. |
Who/what is impacted by this threat? | Sysdig Sage can highlight impacted resources, helping analysts quickly understand scope and impact. |