Hey there! I’m Devin Limo, a Senior Customer Solutions Architect here at Sysdig. February was a whirlwind, and we’ve got some awesome updates you don’t want to miss. From deep dives into critical vulnerabilities to game-changing product updates, we’ve got you covered.
Hot off the press: Falco has graduated within the Cloud Native Computing Foundation (CNCF)! This milestone highlights the growing importance of runtime security and Falco’s role in protecting cloud environments. Here are some thoughts from our CTO and Founder, Loris Degioanni.
In case you missed it, you should check out our blog post, Detecting ‘Leaky Vessels’ Exploitation in Docker and Kubernetes. We discussed four new vulnerabilities recently discovered by Snyk, their implications, and how Falco and Sysdig Secure can ultimately come together to detect and mitigate the threats.
And that was just from the beginning of the month. Let’s explore the rest of February’s highlights!
Sysdig Secure
Alerting for Vulnerability Policies
Get instant vulnerability alerts with flexible policy-based notifications. Link your Vulnerability Management (VM) policies to Slack, PagerDuty, Teams, Amazon SNS, or your preferred channel for near real-time alerts on your runtime workloads or CI/CD pipelines. Customize your notifications wisely – only you can prevent another muted Slack channel.
New Activity Audit Features in Kubernetes Live
Drill down into your environment with two new features – CMD Overlay and Network Tables. With granular Activity Audit filtering, zero in on exactly what commands were executed and where. Then, uncover the details of each network request for a complete picture. Go ahead, take a closer look! 👀
New Runtime Resource Types
Unlock deeper AWS insights with newly added support for these runtime resources:
- IAM Role Policy Attachment
- Lambda Function Alias
- Lambda Function URL Configuration
- Lambda Policy
- Lambda Provisioned Concurrency Config
P.S. We now support 122 different runtime resource types!
Simplify Sysdig Configuration with Enhanced Terraform Providers
Streamline your Sysdig deployments across AWS, Azure, and GCP using our ever-evolving Terraform providers. Get the flexibility you need to manage complex environments using IaC.
This month, we added support for 38 new resource types.
- AWS: 85% parity, 99 total supported resource types
- Azure: 99% parity, 57 total supported resource types
- GCP: 15% parity, 32 total supported resource types
Posture and Compliance Controls, Tailored to You
This month, we unveiled 24 new high-profile controls and 28 new personalized controls for Sysdig Secure. Demystify compliance results by seeing exactly what’s being evaluated. Need to make adjustments? Edit parameters to perfectly align scanning with your organization’s specific needs.
See the complete list of customizable controls.
New Version Releases
Stay up-to-date with the latest releases for our scanning tools. February’s updates bring improved functionality, bug fixes, and security enhancements.
Upgrading is easy, but feel free to reach out if you have any questions.
Sysdig Monitor
Enhanced Alert Notifications with Automatic Label Enrichment
Sysdig Monitor now delivers even more actionable alerts. When an alert rule triggers, crucial contextual labels like host_hostname, cloud_provider_region, and kube_cluster_name are automatically added to the notification. This goes beyond what’s available in OSS Prometheus, giving you pinpointed details for quick issue identification and troubleshooting in both Metric and PromQL alerts.
Sysdig Agents
Sysdig Agent 12.20.0: Streamlined Configuration and Optimized Performance
Our latest update brought several improvements to the Sysdig Agent, focusing on easier setup and enhanced handling of demanding workloads.
Simplified Runtime Detection Configuration
We’ve removed the sysdig_secure.enabled tag for a cleaner configuration process. To check if runtime detection is enabled, simply look for the agent_secure_enabled label in the sysdig_agent_info metric.
Adaptive Kernel Sampling
The agent now responds more effectively to high event loads. This optimization means smoother performance and more reliable insights, even during busy periods.
Container Actions and Captures
Extend your security toolkit with new actions in Container Drift and Malware policies. You now have the ability to:
- Create capture files for in-depth analysis
- Kill, Pause, or Stop containers in response to threats
Important Note: Malware policies are currently in Controlled Availability. Get in touch with Sysdig Support to explore this feature.
SDK, CLI, and Tools
Sysdig Python SDK
The latest version is v0.17.1. See the Sysdig Python SDK GitHub for details.
Sysdig CLI
The latest release is v0.8.2. See the Sysdig Platform CLI docs for more information.
Terraform Provider
We recently released v1.22.0 of the Sysdig Terraform Provider. For more information, see our Terraform Provider docs.
Terraform Modules
- AWS Sysdig Secure for Cloud remains unchanged at v10.0.9
- GCP Sysdig Secure for Cloud remains unchanged at v0.9.10
- Azure Sysdig Secure for Cloud remains unchanged at v0.9.7
Other Tools
Falco VSCode Extension: The latest release is v0.1.0. Check out GitHub for more info.
Sysdig Cloud Connector: The latest release is v0.16.61.
Admission Controller: New Admission Controller release (3.9.37) and Helm chart (0.15.0).
Sysdig CLI Scanner: The latest release is v1.8.5. See the CLI Scanner docs for how to integrate it into your pipeline.
Sysdig Secure Jenkins Plugin: The latest release is v2.3.0.
Sysdig Secure Inline Scan (GitHub Action): The latest release is v3.6.0.
Open Source
Falco
Falco 0.37.1 is the latest stable release.
Website Resources
Webinars
Cloud-Native Security Redefined: Introducing Real-Time Responses with Falco Talon
Navigating Cloud Threats: The Art of Swift Detection and Response
How to Stop Cloud Attacks in Real-Time with Runtime Insights
Blogs
Celebrating Falco’s Journey to CNCF Graduation
Container Drift Detection with Falco
Beat the Clock: Meet the 5/5/5 Detection and Response Benchmark With Sysdig and Tines
Sysdig Named Leader and Outperformer in GigaOm Radar for Container Security
SSH-Snake: New Self-Modifying Worm Threatens Networks
The Power of Prioritization: Why Practitioners Need CNAPP with Runtime Insights
Exploring Syscall Evasion – Linux Shell Builtins
Cloud Security and the Power of Runtime Insights
Resource Constraints in Kubernetes and Security
SBOM as a Core Element in Sysdig’s CNAPP Strategy for Enhanced Security
KuppingerCole Names Sysdig a Product and Innovation Leader for CNAPP
How to Secure Your Cloud Credentials Against AndroxGh0st
Cybersecurity in the Age of Regulation
Kernel Introspection from Linux to Windows
Detecting ‘Leaky Vessels’ Exploitation in Docker and Kubernetes