It’s time for another publication of What’s New in Sysdig in 2022! I’m in charge of the “What’s new in Sysdig” blog for the month of July! Hello, I’m Tom Linkin, a Sr. Solutions Engineer based in the Poconos up in Pennsylvania. I joined the incredible group of people at Sysdig nine months ago and have been helping support sales in the greater NYC region ever since. As cloud security needs continue to evolve, so does Sysdig, and I can’t wait for you to see what we have in store for the future!
This month’s highpoints include the addition of CloudWatch Metric Streams to Sysdig Monitor. There have also been plenty of updates to the various components in the Sysdig ecosystem.
Integrate AWS CloudWatch metric streams
Sysdig Monitor now can ingest metrics directly from Kinesis Firehose, allowing you to fully integrate all your existing AWS service metrics into Sysdig Monitor.
In addition, we have also released nine out-of-the-box dashboards and alerts for the following AWS CloudWatch Metric Streams services:
- AWS ALB
- AWS EBS
- AWS ELB
- AWS Fargate
- AWS Lambda
- AWS RDS
- AWS S3
- AWS SQS
For more information on collecting AWS metrics, see this blog.
Stay tuned for exciting new developments in Sysdig Secure in the next edition of What’s New.
This month, we have:
v0.74.3 is the latest version. Here are some highlights of the changes from
v0.74.3, which we covered in June.
Created the following rules:
- GCP App Engine Firewall Rule Deleted
- GCP App Engine Firewall Rule Updated
- GCP Create Cloud Function v2 Not Using Latest Runtime
- GCP Create Cloud Function v2
- GCP Compute Firewall Rule Deleted
- GCP Compute Firewall Rule Updated
- GCP Delete Compute VM Instance
- GCP Update Cloud Function v2
- Malicious Environment Variable in Spawned Process
- nsenter Container Escape
Further details and the full changelog can be found on Sysdig documentation.
The latest Sysdig Agent release is
Please refer to our v12.7.1 Release Notes for further details.
SDK, CLI, and tools
v0.7.14 is still the latest release. The instructions on how to use the tool and the release notes from previous versions are available at the following link:
v0.16.4 is the new release with some minor fixes and updates.
v0.5.39 is the newest release, which included a minor json fix.
Documentation – https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs
Github link – https://github.com/sysdiglabs/terraform-provider-sysdig
AWS Sysdig Secure for Cloud has a new release! –
v0.9.4 includes some minor fixes and new features
GCP Sysdig Secure for Cloud has not changed and is still
Azure Sysdig Secure for Cloud has not changed and is still
Note: Please check release notes for potential breaking changes
Falco Visual Studio Code Extension
v0.1.0 continues to be the latest release.
Sysdig Cloud Connector
Sysdig Cloud Connector has not changed and remains at release
Check the list of changes to get full details.
Sysdig Admission Controller has not changed and is still
Documentation – https://docs.sysdig.com/en/docs/installation/admission-controller-installation/
Runtime Vulnerability Scanner
The new vuln-runtime-scanner has been updated to release
Documentation – https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/runtime
Sysdig CLI Scanner
Sysdig CLI Scanner binary has been updated to
Note: If you are using this binary for local scanning in your development environment or your pipeline does not automatically pull the latest binary, we recommend you update. Follow the instructions in the documentation to retrieve the latest binary. The documented steps work well in a pipeline too when your CI/CD pipelines can access the Internet. Really, it’s best to assume there’s always a new release!
Documentation – https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/pipeline/
Sysdig Image analyzer has had a release! – v0.1.18.
Sysdig Host Analyzer has had a release! –
Sysdig Secure Inline Scan for Github Actions
The latest release is still
Sysdig Secure Jenkins Plugin
There has been a release! The latest version is now
There have been a few releases in the Prometheus Integrations space since the last post. An aggregate of changes is below.
- fix: Prometheus job of Kubernetes CoreDNS not being able to get metrics because of error in port endpoint
- feat: Added metric to kubelet job
- fix: Added php-fpm logo in the docs
Dashboards and alerts:
- feat: Added updated “Time Series Usage” dashboard template to the repo
- fix: AWS MetricStreams dashboard templates not being displayed
- feat: Removed deprecated ‘OutOfDisk’ condition on Node Status and Performance dashboard
- feat: Published alert templates for AWS MetricsStreams integrations:
- ALB, EBS, ELB, ECS-Fargate, Lambda, RDS, S3, SQS
- fix: Changed titles in panel of capacity planning dashboard to reflect only containers’ resource usage
- fix: Changed “sysdig_shares_count” per “kube_resources_requests” in all dashboard templates
- fix: Fixed minor typo in a MySQL alert name
- fix: Error in JMX exporter image.
- fix: Fixed port in Memcached exporter scratch image.
- fix: Security updates in UBI images of all exporters:
- Node exporter:
5.1.2-2 release is the latest for on-prem installs.
This release adds support for Openshift 4.10
The full release notes can be found here: Sysdig Docs or Github.
New website resources
- How to Monitor PHP-FPM with Prometheus
- Prometheus 2.37 – The first long-term supported release!
- Collect critical AWS metrics faster with Sysdig
- How to secure Kubernetes deployment with signature verification
- Detecting suspicious activity on AWS using cloud logs
- How attackers use exposed Prometheus server to exploit Kubernetes clusters
- Adapting security to Amazon EKS Anywhere on Bare Metal
- How to monitor nginx in Kubernetes with Prometheus
- July 26 – Troubleshoot Kubernetes in A Snap with Sysdig Monitor Advisor
- Aug. 02 – How to be Compliant with Mandates from SOC2, PCI, NIST etc. for your AWS Cloud infrastructure
- Aug. 04 – FIND, FOCUS, and FIX the Cloud Threats that Matter Solutions Forum
- Aug. 09 – Securing Serverless Containers on AWS Fargate
- Aug. 11 – Finding Suspicious Events with AWS CloudTrail: Fundamentals and Best Practices
- July 26-27, AWS Reinforce 2022, Boston MA
- Aug. 6-11, Blackhat USA 2022, Las Vegas NV
- Oct. 10-12, ISC2, Las Vegas NV
- Oct. 11-13, Google Next, San Francisco CA
- Oct. 24-28, Kubecon NA 2022, Detroit MI
- Nov. 28 – Dec. 2, AWS Reinvent, Las Vegas NV