“What’s New in Sysdig” is back with the May 2024 edition! My name is Dustin Krysak. I’m a Customer Solutions Engineer based in Vancouver, BC, and I’m excited to share our latest updates.
The Sysdig Threat Research Team (TRT) has been busy investigating and analyzing new security threats. Their research has uncovered notable vulnerabilities and attack vectors, and they have shared their findings through the Sysdig blog. Recent posts include an in-depth look at RUBYCARP, a long-running botnet, and LLMjacking, a technique that can leverage large language models for malicious purposes.
This month, we also announced our latest initiative, the Runtime Insights Partner Ecosystem. If interested, you can check out our blog post and the official press release.
Sysdig Secure
RBAC Permissions Available in Vulnerability Management
Administrators can now create RBAC roles and define which roles can access the Vulnerability Management, Policy, Reporting, and Risk Acceptance functions. For more information, see Custom Roles.
New Version Releases
Stay up-to-date with the latest releases for our scanning tools. May’s updates bring improved functionality, bug fixes, and security enhancements.
- Sysdig CLI Scanner V1.10.0
- Runtime Scanner V1.7.0
- Host Scanner V0.10.0
Upgrading is easy, but feel free to reach out if you have any questions.
Sysdig Monitor
Alert Editor
When creating alerts, the Alert Editor automatically displays the optimal time window for your alert rule, and every data point in the alert preview now corresponds to one evaluation of the alert rule. You can also Explore Historical Data for Metric alerts.
Sysdig Agents
13.20.0: Enhanced coverage and visibility
Our latest agent update adds support for SUSE Linux and increases visibility into JMX metrics and non-interactive commands.
SUSE Linux Enterprise Server Support
You can now install the Sysdig Agent on SLES 12 and SLES 15.
Capture Non-Interactive Commands in Activity Audit
Activity audit can now capture and report non-interactive commands.
Support for Adding Labels to JMX Metrics
Sysdig added support for labels on JMX metrics collected by the agent. For more information, see Collect JMX Labels.
Defect Fixes
We have several fixes for our agent that landed in May. The complete list can be seen in the release notes.
SDK, CLI, and Tools
Terraform Provider V1.26.0
- Adds the ability to create, update, and delete posture policies.
For more information, see our Terraform Provider docs.
Sysdig Cloud Connector V0.16.66
- Makes `secure_api_token` optional in cluster-shield
Admission Controller v3.9.45
This release is available under helm chart 0.16.2.
- Makes `secure_api_token` optional in cluster-shield
Sysdig Secure Jenkins Plugin v2.3.1
- Bump embedded scanner to 1.9.2
- Bug fixes:
  - Ensure that all the logs from the embedded scanner have been written to file for proper retrieval by the trailer
  - Increase the waiting time before stopping the logs trailer to 2s
  - Ensure proper management of vuln-list inside result json
  - Use imageTag (if available) when all policy evaluations pass
Prometheus Integration v1.29.0
- APPLY changes over PromQl labels on cluster status dashboards
- ADD restarted pods toplist panel to cluster status dashboard
- New version of `mysql-exporter` fixing HIGH vulnerabilities
- New version of `php-fpm_exporter` fixing HIGH vulnerabilities
Open Source
Falco
Falco 0.37.1 is the latest stable release.
New Website Resources
Blogs
- Leadership Strategies for Risk Reduction, Transparency, and Speed
- Optimizing Wireshark in Kubernetes
- The Urgency of Securing AI Workloads for CISOs
- Cloud Security and Compliance: A Smarter Approach to Keeping Your Head Above Water
- The Race for Artificial Intelligence Governance
- Accelerating AppSec with Mend.io and Sysdig
- LLMjacking: Stolen Cloud Credentials Used in New AI Attack
- Sysdig Launches Runtime Insights Partner Ecosystem to Combat Active Cloud Risk and Stop Attacks
- Strengthening Cloud Security Together: Meet the Runtime Insights Partner Ecosystem
- Sysdig Launches AI Workload Security to Mitigate Active AI Risk
- How Businesses Can Comply with the EU’s Artificial Intelligence Act
Webinars
- May 28: Webinar | Navigating “Shift-left” in Container Security
- May 29: How to Safeguard GenAI Workloads in Exposed Environments
- June 18: Secure Your AWS Workloads From Code to Cloud
- June 19: Active Cloud Risk. How to Combat the Most Critical Threats
- June 25: Fast-Track True Cloud-Native Investigation: Winning the Race Against Cybercriminals
Sysdig Training
Kraken Discovery Labs
Attacks no longer take days—they take minutes. Cloud security requires a modern detection and response benchmark. The 555 benchmark specifies that you have 5 seconds to detect, 5 minutes to triage, and 5 minutes to respond.
In this 60-minute workshop, you’ll execute actual cloud attacks like SCARLETEEL and then assume the role of the defender, leveraging threat-hunting strategies to detect and respond immediately in the cloud.
You can sign up for this lab on our website.
Instructor Led Training
We have a new Azure-specific Cloud Security Posture Management (CSPM) lab available for ILT (Instructor Led Training) delivery. This ILT content covers the concepts of zones and Infrastructure as Code, integrated with source control using GitHub or GitLab.
If you are interested in learning more about how to schedule an ILT workshop, please contact your account team.