Serverless Malware Detection
The Sysdig Serverless Workload Agent provides runtime security for serverless workloads on AWS Fargate. With Serverless Malware Detection, you can detect and alert on malicious files, scripts, and anomalous activity directly within your serverless containers.
Threat actors often target container workloads to drop malicious binaries, spawn unauthorized processes, or run covert cryptominers. Leveraging Malware Detection gives your security teams the critical visibility needed to investigate these threats, streamline incident response, and uphold regulatory compliance standards.
To optimize performance and give you granular control over your deployment, Serverless Malware Detection is disabled by default.
Prerequisites
Before enabling Serverless Malware Detection, ensure you have:
- An active Sysdig Secure account.
- The Sysdig Serverless Workload Agent instrumented in your serverless environment.
- The necessary IAM roles and permissions to update your container environment variables.
Enable Malware Detection
You can enable and configure Serverless Malware Detection by using the SYSDIG_EXTRA_CONF environment variable within your workload agent container definition.
To turn on malware scanning, provide the configuration options under the malware_control heading.
Configuration Parameters
| Option | Default | Description |
|---|---|---|
| enabled | false | Determines whether the malware detection feature is active. Set to true to enable runtime malware detection for the Serverless Workload Agent. |
Configuration Example
You can append the malware control settings to your existing SYSDIG_EXTRA_CONF variable or create it if you are not currently using it.
To enable the feature, pass the following string to the SYSDIG_EXTRA_CONF environment variable in your task definition:
SYSDIG_EXTRA_CONF='{"malware_control": {"enabled": true}}'
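When SYSDIG_EXTRA_CONF already carries other settings, the new key has to be merged into the existing value rather than replacing it. The following is an added example, not Sysdig's own tooling: it merges the setting into an ECS task definition and audits whether a container has it on, assuming the variable holds a JSON object as in the string above; the container names and the `example_setting` key are constructed placeholders.

```python
import copy
import json

VAR = "SYSDIG_EXTRA_CONF"

def _find_env(container):
    """Return the SYSDIG_EXTRA_CONF entry of a container definition, or None."""
    return next((e for e in container.get("environment", []) if e.get("name") == VAR), None)

def malware_detection_enabled(container):
    """Audit check: True only when malware_control.enabled is JSON true."""
    entry = _find_env(container)
    try:
        conf = json.loads(entry["value"]) if entry else {}
    except (KeyError, TypeError, ValueError):
        return False  # unparseable value: treat as not enabled
    mc = conf.get("malware_control") if isinstance(conf, dict) else None
    return isinstance(mc, dict) and mc.get("enabled") is True

def enable_malware_detection(task_def, agent_container):
    """Return a copy of task_def with malware_control.enabled set to true in
    the named container, preserving other SYSDIG_EXTRA_CONF settings."""
    updated = copy.deepcopy(task_def)
    for container in updated.get("containerDefinitions", []):
        if container.get("name") != agent_container:
            continue
        entry = _find_env(container)
        conf = json.loads(entry["value"]) if entry else {}
        if not isinstance(conf, dict):
            raise ValueError(f"{VAR} is not a JSON object")
        mc = conf.get("malware_control")
        conf["malware_control"] = {**(mc if isinstance(mc, dict) else {}), "enabled": True}
        value = json.dumps(conf)
        if entry:
            entry["value"] = value
        else:
            container.setdefault("environment", []).append({"name": VAR, "value": value})
        return updated
    raise KeyError(f"no container named {agent_container!r}")

# Constructed sample: container names and "example_setting" are placeholders.
SAMPLE = {"containerDefinitions": [
    {"name": "workload-agent", "environment": [
        {"name": VAR, "value": '{"example_setting": "keep-me"}'}]},
    {"name": "app", "environment": []},
]}

if __name__ == "__main__":
    print(json.dumps(enable_malware_detection(SAMPLE, "workload-agent"), indent=2))
```

The audit function treats a missing variable, an unparseable value, or the string "true" as not enabled, which matches the feature being disabled by default.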