It’s time for another publication of What’s New in Sysdig in 2022! I’m in charge of the “What’s new in Sysdig” blog for the month of July! Hello, I’m Tom Linkin, a Sr. Solutions Engineer based in the Poconos up in Pennsylvania. I joined the incredible group of people at Sysdig nine months ago and have been helping support sales in the greater NYC region ever since. As cloud security needs continue to evolve, so does Sysdig, and I can’t wait for you to see what we have in store for the future!
This month’s highlights include the addition of CloudWatch Metric Streams to Sysdig Monitor. There have also been plenty of updates to the various components in the Sysdig ecosystem.
Sysdig Monitor
Integrate AWS CloudWatch metric streams
Sysdig Monitor now can ingest metrics directly from Kinesis Firehose, allowing you to fully integrate all your existing AWS service metrics into Sysdig Monitor.
In addition, we have also released nine out-of-the-box dashboards and alerts for the following AWS CloudWatch Metric Streams services:
- AWS ALB
- AWS EBS
- AWS ELB
- AWS Fargate
- AWS Lambda
- AWS RDS
- AWS S3
- AWS SQS
For more information on collecting AWS metrics, see this blog.
Sysdig Secure
Stay tuned for exciting new developments in Sysdig Secure in the next edition of What’s New.
This month, we have:
Falco rules
v0.74.3 is the latest version. Here are some highlights of the changes from v0.74.3, which we covered in June.
Created the following rules:
- GCP App Engine Firewall Rule Deleted
- GCP App Engine Firewall Rule Updated
- GCP Create Cloud Function v2 Not Using Latest Runtime
- GCP Create Cloud Function v2
- GCP Compute Firewall Rule Deleted
- GCP Compute Firewall Rule Updated
- GCP Delete Compute VM Instance
- GCP Update Cloud Function v2
- Malicious Environment Variable in Spawned Process
- nsenter Container Escape
Further details and the full changelog can be found on Sysdig documentation.
Sysdig Agents
The latest Sysdig Agent release is v12.7.1.
Please refer to our v12.7.1 Release Notes for further details.
SDK, CLI, and tools
Sysdig CLI
v0.7.14 is still the latest release. The instructions on how to use the tool and the release notes from previous versions are available at the following link:
https://sysdiglabs.github.io/sysdig-platform-cli/
Python SDK
v0.16.4 is the new release with some minor fixes and updates.
https://github.com/sysdiglabs/sysdig-sdk-python/releases/tag/v0.16.4
Terraform Provider
v0.5.39 is the newest release, which included a minor JSON fix.
Documentation – https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs
GitHub link – https://github.com/sysdiglabs/terraform-provider-sysdig
Terraform Modules
AWS Sysdig Secure for Cloud has a new release! – v0.9.4 includes some minor fixes and new features
GCP Sysdig Secure for Cloud has not changed and is still v0.9.0
Azure Sysdig Secure for Cloud has not changed and is still v0.9.0
Note: Please check release notes for potential breaking changes
Falco Visual Studio Code Extension
v0.1.0 continues to be the latest release.
https://github.com/sysdiglabs/vscode-falco/releases/tag/v0.1.0
Sysdig Cloud Connector
Sysdig Cloud Connector has not changed and remains at release v0.16.11.
Check the list of changes to get full details.
Admission Controller
Sysdig Admission Controller has not changed and is still v3.9.5.
Documentation – https://docs.sysdig.com/en/docs/installation/admission-controller-installation/
Runtime Vulnerability Scanner
The new vuln-runtime-scanner has been updated to release v1.2.0.
Documentation – https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/runtime
Sysdig CLI Scanner
Sysdig CLI Scanner binary has been updated to v1.2.1.
Note: If you are using this binary for local scanning in your development environment or your pipeline does not automatically pull the latest binary, we recommend you update. Follow the instructions in the documentation to retrieve the latest binary. The documented steps work well in a pipeline too when your CI/CD pipelines can access the Internet. Really, it’s best to assume there’s always a new release!
Documentation – https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/pipeline/
Image Analyzer
Sysdig Image analyzer has had a release! – v0.1.18.
Host Analyzer
Sysdig Host Analyzer has had a release! – v0.1.9.
Documentation: https://docs.sysdig.com/en/docs/installation/node-analyzer-multi-feature-installation/#node-analyzer-multi-feature-installation
Sysdig Secure Inline Scan for GitHub Actions
The latest release is still v3.4.0.
https://github.com/marketplace/actions/sysdig-secure-inline-scan
Sysdig Secure Jenkins Plugin
There has been a release! The latest version is now v2.1.16
https://plugins.jenkins.io/sysdig-secure/
Prometheus Integrations
There have been a few releases in the Prometheus Integrations space since the last post. An aggregate of changes is below.
Integrations:
- fix: Prometheus job of Kubernetes CoreDNS not being able to get metrics because of error in port endpoint
- feat: Added metric to kubelet job
- fix: Added php-fpm logo in the docs
Dashboards and alerts:
- feat: Added updated “Time Series Usage” dashboard template to the repo
- fix: AWS MetricStreams dashboard templates not being displayed
- feat: Removed deprecated ‘OutOfDisk’ condition on Node Status and Performance dashboard
- feat: Published alert templates for AWS MetricsStreams integrations: ALB, EBS, ELB, ECS-Fargate, Lambda, RDS, S3, SQS
- fix: Changed titles in panel of capacity planning dashboard to reflect only containers’ resource usage
- fix: Changed “sysdig_shares_count” for “kube_resources_requests” in all dashboard templates
- fix: Fixed minor typo in a MySQL alert name
Exporter images:
- fix: Error in JMX exporter image.
- fix: Fixed port in Memcached exporter scratch image.
- fix: Security updates in UBI images of all exporters:
  - Apache:
    - quay.io/sysdig/apache-exporter:v0.11.1-ubi
    - quay.io/sysdig/apache-exporter:v0.11.1
  - Elasticsearch:
    - quay.io/sysdig/elasticsearch-exporter:v1.3.4-ubi
    - quay.io/sysdig/elasticsearch-exporter:v1.3.4
  - Grok:
    - quay.io/sysdig/sysdig/grok-exporter:v1.0.4-ubi
    - quay.io/sysdig/sysdig/grok-exporter:v1.0.4
  - JMX:
    - quay.io/sysdig/promcat-jmx-exporter:v0.17.3-ubi
    - quay.io/sysdig/promcat-jmx-exporter:v0.17.3
  - Memcached:
    - quay.io/sysdig/memcached-exporter:v0.10.2-ubi
    - quay.io/sysdig/memcached-exporter:v0.10.2
  - MongoDB:
    - quay.io/sysdig/mongodb-exporter:v0.11.9-ubi
    - quay.io/sysdig/mongodb-exporter:v0.11.9
  - MySQL:
    - quay.io/sysdig/mysql-exporter:v0.14.1-ubi
    - quay.io/sysdig/mysql-exporter:v0.14.1
  - NGINX:
    - quay.io/sysdig/nginx-exporter:v0.10.1-ubi
    - quay.io/sysdig/nginx-exporter:v0.10.1
  - Node exporter:
    - quay.io/sysdig/node-exporter:v1.2.4-ubi
    - quay.io/sysdig/node-exporter:v1.2.4
  - NTP:
    - quay.io/sysdig/ntp-exporter:v2.0.4-ubi
    - quay.io/sysdig/ntp-exporter:v2.0.4
  - PHP-FPM:
    - quay.io/sysdig/php-fpm-exporter:v2.3.2-ubi
    - quay.io/sysdig/php-fpm-exporter:v2.3.2
  - PostgreSQL:
    - quay.io/sysdig/postgresql-exporter:v0.10.8-ubi
    - quay.io/sysdig/postgresql-exporter:v0.10.8
  - Redis:
    - quay.io/sysdig/redis-exporter:v1.43.1-ubi
    - quay.io/sysdig/redis-exporter:v1.43.1
Sysdig On-Premise
The 5.1.2-2 release is the latest for on-prem installs.
This release adds support for OpenShift 4.10.
The full release notes can be found here: Sysdig Docs or GitHub.
New website resources
Blogs
- How to Monitor PHP-FPM with Prometheus
- Prometheus 2.37 – The first long-term supported release!
- Collect critical AWS metrics faster with Sysdig
- How to secure Kubernetes deployment with signature verification
- Detecting suspicious activity on AWS using cloud logs
- How attackers use exposed Prometheus server to exploit Kubernetes clusters
- Adapting security to Amazon EKS Anywhere on Bare Metal
- How to monitor nginx in Kubernetes with Prometheus
Webinars
- July 26 – Troubleshoot Kubernetes in A Snap with Sysdig Monitor Advisor
- Aug. 02 – How to be Compliant with Mandates from SOC2, PCI, NIST etc. for your AWS Cloud infrastructure
- Aug. 04 – FIND, FOCUS, and FIX the Cloud Threats that Matter Solutions Forum
- Aug. 09 – Securing Serverless Containers on AWS Fargate
- Aug. 11 – Finding Suspicious Events with AWS CloudTrail: Fundamentals and Best Practices
Tradeshows
- July 26-27, AWS re:Inforce 2022, Boston MA
- Aug. 6-11, Black Hat USA 2022, Las Vegas NV
- Oct. 10-12, ISC2, Las Vegas NV
- Oct. 11-13, Google Next, San Francisco CA
- Oct. 24-28, KubeCon NA 2022, Detroit MI
- Nov. 28 – Dec. 2, AWS re:Invent, Las Vegas NV