What’s New in Sysdig – May 2024

By Dustin Krysak - MAY 30, 2024


“What’s New in Sysdig” is back with the May 2024 edition! My name is Dustin Krysak. I’m a Customer Solutions Engineer based in Vancouver, BC, and I’m excited to share our latest updates.

The Sysdig Threat Research Team (TRT) has been busy recently investigating and analyzing new security threats. Their research has uncovered notable vulnerabilities and attack vectors, which they’ve shared insights about through the Sysdig blog. These blog posts include an in-depth look at RUBYCARP, a long-running botnet, and LLMjacking, a technique that can leverage large language models for malicious purposes.

This month, we also announced our latest initiative, the Runtime Insights Partner Ecosystem. If interested, you can check out our blog post and the official press release.

Sysdig Secure

RBAC Permissions Available in Vulnerability Management

Administrators can now create RBAC roles and define which roles can access the Vulnerability Management, Policy, Reporting, and Risk Acceptance functions. For more information, see Custom Roles.

New Version Releases

Stay up-to-date with the latest releases for our scanning tools. May’s updates bring improved functionality, bug fixes, and security enhancements. 

Sysdig CLI Scanner V1.10.0

Runtime Scanner V1.7.0

Host Scanner V0.10.0

Upgrading is easy, but feel free to reach out if you have any questions.

Sysdig Monitor

Alert Editor

When creating alerts, the Alert Editor automatically displays the optimal time window for your alert rule, and every data point in the alert preview now corresponds with an evaluation of an alert rule. You can also Explore Historical Data for Metric alerts 

Sysdig Agents

13.20.0: Enhanced coverage and visibility

Our latest agent update adds support for Suse Linux and increased visibility into JMX and non-interactive commands.  

Suse Linux Enterprise Server Support

You can now install the Sysdig Agent on SLES 12 and SLES 15.

Capture Non-Interactive Commands in Activity Audit

Activity audit can now capture and report non-interactive commands.

Support for Adding Labels to JMX Metrics

Sysdig added support for labels on JMX metrics collected by the agent. For more information, see Collect JMX Labels.

Defect Fixes

We have several fixes for our agent that landed in May. The complete list can be seen in the release notes.

SDK, CLI, and Tools

Terraform Provider V1.26.0

  • Adds the ability to create, update, and delete posture policies.

For more information, see our Terraform Provider docs.

Sysdig Cloud Connector V0.16.66

  • Makes secure_api_token optional in cluster-shield

Admission Controller v3.9.45

This release is available under helm chart 0.16.2.

  • Makes secure_api_token optional in cluster-shield

Sysdig Secure Jenkins Plugin v2.3.1 

  • Bump embedded scanner to 1.9.2
  • Bug fixes:
    • Ensure that all the logs from the embedded scanner have been written to file for proper retrieval by the trailer
    • Increase the waiting time before stopping the logs trailer to 2s
    • Ensure proper management of vuln-list inside result json
    • Use imageTag (if available) when all policy evaluations pass

Prometheus Integration v1.29.0

  • APPLY changes over PromQl labels on cluster status dashboards
  • ADD restarted pods toplist panel to cluster status dashboard
  • New version mysql-exporter fixing HIGH vulnerabilities
  • New version php-fpm_exporter fixing HIGH vulnerabilities

Open Source


Falco 0.37.1 is the latest stable release.

New Website Resources



Sysdig Training

Kraken Discovery Labs

Attacks no longer take days—they take minutes. Cloud security requires a modern detection and response benchmark. The 555 benchmark specifies that you have 5 seconds to detect, 5 minutes to triage, and 5 minutes to respond.

In this 60-minute workshop, you’ll execute actual cloud attacks like SCARLETEEL and then assume the role of the defender, leveraging threat-hunting strategies to detect and respond immediately in the cloud.

You can sign up for this lab on our website.

Instructor Led Training

We have a new Azure-specific Cloud Security Posture Management (CSPM) lab available for ILT (Instructor Led Training) delivery. This ILT content included the concepts of zones and Infrastructure as Code, integrated with source control using GitHub or GitLab.

If you are interested in learning more about how to schedule an ILT workshop, please contact your account team.

Subscribe and get the latest updates