Sysdig Sage for Threats

Sysdig Sage for Threats is an enhancement to the existing Threats feature. It enriches the Threats experience with an AI-powered assistant.

Sysdig Sage for Threats primarily targets users investigating runtime threats within their infrastructure. It helps you understand the impact of threats and guides investigations by connecting related events, rules, and contextual data.

For example, Sysdig Sage for Threats can:

  • Expand threat details with clear summaries of active threats
  • Identify the specific threat you are investigating
  • Surface related runtime events, rules, and impacted resources
  • Provide contextual data to guide your investigation
  • Recommend next steps to accelerate remediation

Example Prompts

Prompt: "Summarize the latest threats", "Tell me more about this threat"
Value: Sysdig Sage can generate a title and summary of active threats and provide details from the Threats UI (Rules, Events, Resources tabs).

Prompt: "What threat is this runtime event associated with?"
Value: Sysdig Sage can identify whether a runtime event belongs to a threat and provide a direct link to that threat, reducing investigation time.

Prompt: "Show me more details about this threat", "Expand event details"
Value: Sysdig Sage allows you to expand threat or event information directly in the UI, surfacing deeper insights into rules, impacted resources, or attack patterns.

Prompt: "What runtime events are associated with this threat?"
Value: Sysdig Sage can retrieve and display a list of events tied to a selected threat, with direct navigation to each one.

Prompt: "Who/what is impacted by this threat?"
Value: Sysdig Sage can highlight impacted resources, helping analysts quickly understand scope and impact.