Respond

Finding the team or developer responsible for an application in a cloud or Kubernetes environment can take hours or days. A live issue or security event may require faster action. In Sysdig Secure, authorized users can use Response Actions and Rapid Response to remediate threats quickly.
  • Response Actions lets you take action directly from the Events feed.
  • Rapid Response lets you connect to a remote shell within your environment and execute commands there.

These features supplement the response capabilities of Threat Detection Policies. Several policy types, such as the Drift Detection Policy, let you configure actions to occur when a suspicious event is detected in the workload.