What’s New in Sysdig – February 2024

By Devin Limo - FEBRUARY 29, 2024

Hey there! I’m Devin Limo, a Senior Customer Solutions Architect here at Sysdig. February was a whirlwind, and we’ve got some awesome updates you don’t want to miss. From deep dives into critical vulnerabilities to game-changing product updates, we’ve got you covered.

Hot off the press: Falco has graduated within the Cloud Native Computing Foundation (CNCF)! This milestone highlights the growing importance of runtime security and Falco’s role in protecting cloud environments. Here are some thoughts from our CTO and Founder, Loris Degioanni.

In case you missed it, you should check out our blog post, Detecting ‘Leaky Vessels’ Exploitation in Docker and Kubernetes. We discussed four new vulnerabilities recently discovered by Snyk, their implications, and how Falco and Sysdig Secure can ultimately come together to detect and mitigate the threats.

And that was just from the beginning of the month. Let’s explore the rest of February’s highlights!

Sysdig Secure

Alerting for Vulnerability Policies

Get instant vulnerability alerts with flexible policy-based notifications. Link your Vulnerability Management (VM) policies to Slack, PagerDuty, Teams, Amazon SNS, or your preferred channel for near real-time alerts on your runtime workloads or CI/CD pipelines. Customize your notifications wisely – only you can prevent another muted Slack channel.

New Activity Audit Features in Kubernetes Live

Drill down into your environment with two new features – CMD Overlay and Network Tables. With granular Activity Audit filtering, zero in on exactly what commands were executed and where. Then, uncover the details of each network request for a complete picture. Go ahead, take a closer look! 👀

New Runtime Resource Types

Unlock deeper AWS insights with newly added support for these runtime resources:

  • IAM Role Policy Attachment
  • Lambda Function Alias
  • Lambda Function URL Configuration
  • Lambda Policy
  • Lambda Provisioned Concurrency Config

P.S. We now support 122 different runtime resource types! 

Simplify Sysdig Configuration with Enhanced Terraform Providers

Streamline your Sysdig deployments across AWS, Azure, and GCP using our ever-evolving Terraform providers. Get the flexibility you need to manage complex environments using IaC. 

This month, we added support for 38 new resource types.

  • AWS: 85% parity, 99 total supported resource types
  • Azure: 99% parity, 57 total supported resource types
  • GCP: 15% parity, 32 total supported resource types

Posture and Compliance Controls, Tailored to You

This month, we unveiled 24 new high-profile controls and 28 new personalized controls for Sysdig Secure. Demystify compliance results by seeing exactly what’s being evaluated. Need to make adjustments? Edit parameters to perfectly align scanning with your organization’s specific needs. 

See the complete list of customizable controls.

New Version Releases

Stay up-to-date with the latest releases for our scanning tools. February’s updates bring improved functionality, bug fixes, and security enhancements. 

Upgrading is easy, but feel free to reach out if you have any questions.

Sysdig Monitor

Enhanced Alert Notifications with Automatic Label Enrichment

Sysdig Monitor now delivers even more actionable alerts. When an alert rule triggers, crucial contextual labels like host_hostname, cloud_provider_region, and kube_cluster_name are automatically added to the notification. This goes beyond what’s available in OSS Prometheus, giving you the specific details you need to identify and troubleshoot issues quickly, for both Metric and PromQL alerts.

Sysdig Agents

Sysdig Agent 12.20.0: Streamlined Configuration and Optimized Performance

Our latest update brought several improvements to the Sysdig Agent, focusing on easier setup and enhanced handling of demanding workloads.

Simplified Runtime Detection Configuration

We’ve removed the sysdig_secure.enabled tag for a cleaner configuration process. To check if runtime detection is enabled, simply look for the agent_secure_enabled label in the sysdig_agent_info metric.

Adaptive Kernel Sampling

The agent now responds more effectively to high event loads. This optimization means smoother performance and more reliable insights, even during busy periods.

Container Actions and Captures

Extend your security toolkit with new actions in Container Drift and Malware policies. You now have the ability to:

  • Create capture files for in-depth analysis
  • Kill, Pause, or Stop containers in response to threats

Important Note: Malware policies are currently in Controlled Availability. Get in touch with Sysdig Support to explore this feature.

SDK, CLI, and Tools

Sysdig Python SDK

The latest version is v0.17.1. See the Sysdig Python SDK GitHub for details.

Sysdig CLI

The latest release is v0.8.2. See the Sysdig Platform CLI docs for more information.

Terraform Provider

We recently released v1.22.0 of the Sysdig Terraform Provider. For more information, see our Terraform Provider docs.

Terraform Modules

  • AWS Sysdig Secure for Cloud remains unchanged at v10.0.9
  • GCP Sysdig Secure for Cloud remains unchanged at v0.9.10
  • Azure Sysdig Secure for Cloud remains unchanged at v0.9.7

Other Tools

Falco VSCode Extension: The latest release is v0.1.0. Check out GitHub for more info.

Sysdig Cloud Connector: The latest release is v0.16.61.

Admission Controller: The latest release is 3.9.37, shipped with Helm chart 0.15.0.

Sysdig CLI Scanner: The latest version is v1.8.5. See the docs for how to integrate the CLI Scanner into your pipeline.

Sysdig Secure Jenkins Plugin: The latest release is v2.3.0.

Sysdig Secure Inline Scan (GitHub Action): The latest release is v3.6.0.

Open Source

Falco

Falco 0.37.1 is the latest stable release.

Website Resources

Webinars

Cloud-Native Security Redefined: Introducing Real-Time Responses with Falco Talon

Navigating Cloud Threats: The Art of Swift Detection and Response

How to Stop Cloud Attacks in Real-Time with Runtime Insights

Blogs

Celebrating Falco’s Journey to CNCF Graduation

Container Drift Detection with Falco

Beat the Clock: Meet the 5/5/5 Detection and Response Benchmark With Sysdig and Tines

Sysdig Named Leader and Outperformer in GigaOm Radar for Container Security

SSH-Snake: New Self-Modifying Worm Threatens Networks

The Power of Prioritization: Why Practitioners Need CNAPP with Runtime Insights

Ephemeral Containers and APTs

Exploring Syscall Evasion – Linux Shell Builtins

Cloud Security and the Power of Runtime Insights

Resource Constraints in Kubernetes and Security

SBOM as a Core Element in Sysdig’s CNAPP Strategy for Enhanced Security

KuppingerCole Names Sysdig a Product and Innovation Leader for CNAPP

How to Secure Your Cloud Credentials Against AndroxGh0st

Cybersecurity in the Age of Regulation

Kernel Introspection from Linux to Windows

Detecting ‘Leaky Vessels’ Exploitation in Docker and Kubernetes