What’s new in Sysdig – June 2022


It’s time for another publication of What’s New in Sysdig in 2022! I’m in charge of the “What’s new in Sysdig” blog for the month of June! Hello, I’m Majid Hussain, a Sr. Customer Solutions Engineer based in Morrisville, NC, working with the Sysdig US East Customer Success team since Aug. 2021.
My desire to learn more about containers, Kubernetes, and cloud is what landed me at Sysdig and boy am I learning here! Go Sysdig!

This month’s highlights include some fine touches we’ve brought into Sysdig Monitor: the ability to view live logs on a container, translation of form queries into PromQL, and multi-query support for stacked area charts. On the Sysdig Secure side, Drift Control makes its debut.

Sysdig Monitor

There are a lot of new changes in Sysdig Monitor. Check our release page for the complete list.

Live logs

Advisor displays live logs for a container, which is the equivalent of running kubectl logs. This strengthens Monitor for troubleshooting, allowing users to debug problems such as pods in a CrashLoopBackOff state. It also consolidates tooling, reducing the need to use other tools and keeping users in the product for troubleshooting and RCA.

Note: Live logs are tailed on-demand and, thus, not persisted. After a session is closed they are no longer accessible.

Live logs will be enabled by default in agent 12.7.0 (pending release) or newer. Agent 12.6.0 supports live logs but must be manually enabled. Older versions of the Sysdig Agent do not support live logs.

For more details, please refer to the Live Logs docs.

Translate form-query to PromQL

Advanced Prometheus knowledge is no longer required to build complex PromQL queries in Sysdig Monitor. With a single click, you can translate a form query to PromQL and build PromQL-based dashboards in no time. For more information, see Build PromQL Panels from Form Query.

Multi-query support for stacked area charts

Timechart now supports visualizing multiple queries as stacked areas on the same y-axis.

With this feature, it’s easier to visualize and compare sparse metrics.

Sysdig Secure

Container drift

Drift Control detects and prevents execution of executable files that were added or modified after a container is deployed into production. It uses real-time deep visibility into running containers to automatically identify those spurious executables.

It can be enabled in detection mode to alert on attempts to run packages or binary files that were added or modified at runtime, such as:

  • Executing a package that was downloaded or updated with a package manager
  • Executing a file whose permissions or attributes were changed to make it executable

In prevention mode, Drift Control blocks those detected new executables from running.
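To make the detection logic above concrete, here is a simplified userspace model of container drift detection. It is an added example, not Sysdig’s code: Sysdig’s Drift Control observes exec events from inside the agent, whereas this script simply records a baseline of every file in a constructed "container" filesystem at deploy time and, on each simulated exec, classifies the file as unchanged, new, modified, or newly made executable. The `mode` parameter mirrors the detection/prevention distinction: `detect` only reports, `prevent` also refuses the exec. Paths, file contents and the function names are all constructed for the illustration.

```python
"""Toy model of container drift detection (added example, not Sysdig's code).

Baseline: every regular file under the container root, recorded at deploy time.
On an exec attempt the file is compared against the baseline:
  - not in the baseline                         -> drift:new_executable
  - in the baseline but content changed         -> drift:modified_executable
  - in the baseline, was not executable, now is -> drift:made_executable
mode="detect" reports only; mode="prevent" also blocks the exec.
"""
import hashlib
import os
import shutil
import stat
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class FileState:
    sha256: str
    executable: bool


def _state(path):
    """Hash the file and record whether its owner-execute bit is set."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return FileState(digest, bool(st.st_mode & stat.S_IXUSR))


def snapshot(root):
    """Deploy-time baseline: relative path -> FileState for every regular file."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            baseline[os.path.relpath(path, root)] = _state(path)
    return baseline


def classify_exec(root, baseline, rel_path):
    """Drift verdict for an attempt to execute rel_path inside root."""
    current = _state(os.path.join(root, rel_path))
    known = baseline.get(rel_path)
    if known is None:
        return "drift:new_executable"
    if known.sha256 != current.sha256:
        return "drift:modified_executable"
    if not known.executable and current.executable:
        return "drift:made_executable"
    return "ok"


def drift_control(root, baseline, rel_path, mode="detect"):
    """Return (allowed, verdict); prevent mode blocks any drifted file."""
    verdict = classify_exec(root, baseline, rel_path)
    allowed = not (verdict != "ok" and mode == "prevent")
    return allowed, verdict


def _write(path, data, perm):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)
    os.chmod(path, perm)


def demo(mode="prevent"):
    """Build a constructed container filesystem, baseline it, then drift it.

    Returns {rel_path: (allowed, verdict)} for four simulated exec attempts.
    """
    root = tempfile.mkdtemp(prefix="ctr-")
    try:
        # Deploy-time image contents (constructed sample files).
        _write(os.path.join(root, "usr/bin/app"), b"#!/bin/sh\necho app\n", 0o755)
        _write(os.path.join(root, "usr/bin/helper"), b"#!/bin/sh\necho helper\n", 0o755)
        _write(os.path.join(root, "etc/settings.conf"), b"level=info\n", 0o644)
        baseline = snapshot(root)

        # Runtime drift: a new binary, a modified binary, a config made executable.
        _write(os.path.join(root, "usr/bin/newtool"), b"#!/bin/sh\necho new\n", 0o755)
        _write(os.path.join(root, "usr/bin/app"), b"#!/bin/sh\necho patched\n", 0o755)
        os.chmod(os.path.join(root, "etc/settings.conf"), 0o755)

        targets = ["usr/bin/helper", "usr/bin/newtool", "usr/bin/app", "etc/settings.conf"]
        return {p: drift_control(root, baseline, p, mode) for p in targets}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for path, (allowed, verdict) in demo("prevent").items():
        print(f"{path:20} {verdict:28} {'allowed' if allowed else 'BLOCKED'}")
```

Only `usr/bin/helper`, which is byte-for-byte what was deployed, passes; the other three exec attempts are reported in `detect` mode and refused in `prevent` mode. A real implementation would hook the exec path rather than re-hash on every call, but the classification rules are the same ones the section describes.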

For more details, please read our blog on container drift.

Falco rules

v0.74.3 is the latest version. Here are some highlights of the changes from v0.67.1, which we covered in May.

Added the following rules:

  • AWS Suspicious IP Inbound Request
  • eBPF Program Loaded into Kernel

Further details and the full changelog can be found on Sysdig documentation.

Sysdig Agents

The latest Sysdig Agent release is v12.6.0.

Please refer to our v12.6.0 Release Notes for further details.

SDK, CLI, and tools

Sysdig CLI

v0.7.14 is still the latest release. The instructions on how to use the tool and the release notes from previous versions are available at the following link:

https://sysdiglabs.github.io/sysdig-platform-cli/

Python SDK

v0.16.3 is still the latest release, which we covered in our October update.

https://github.com/sysdiglabs/sysdig-sdk-python/releases/tag/v0.16.3

Terraform Provider

v0.5.37 is the newest release.

Documentation – https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs

Github link – https://github.com/sysdiglabs/terraform-provider-sysdig

Terraform Modules

AWS Sysdig Secure for Cloud has a new release! – v0.9.1

GCP Sysdig Secure for Cloud has a new release! – v0.9.0

Azure Sysdig Secure for Cloud has a new release! – v0.9.0

Note: Please check release notes for potential breaking changes

Falco VS Code Extension

v0.1.0 continues to be the latest release.

https://github.com/sysdiglabs/vscode-falco/releases/tag/v0.1.0

Sysdig Cloud Connector

Sysdig Cloud Connector has been updated to v0.16.11.

Features include:

  • Added aws-cloudtrail-s3-sns-sqs-eventbridge ingestor
  • Appended new exceptions if fields are present
  • Updated yaml v2 to v3

Check the list of changes to get full details.

Admission Controller

Sysdig Admission Controller has been updated to v3.9.5.

Changes since v3.9.3 include:

  • Added helpers to troubleshoot rule parse errors
  • Updated yaml v2 to v3
  • Appended new exceptions if fields are present

Documentation – https://docs.sysdig.com/en/docs/installation/admission-controller-installation/

Runtime Vulnerability Scanner

The new vuln-runtime-scanner has been updated to release v1.1.1.

This release contains the following change:

  • Optimized requests performed on the Kubernetes API

Documentation – https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/runtime

Sysdig CLI Scanner

Sysdig CLI Scanner binary has been updated to v1.1.1.

Note: If you are using this binary for local scanning in your development environment or your pipeline does not automatically pull the latest binary, we recommend you update. Follow the instructions in the documentation to retrieve the latest binary. The documented steps work well in a pipeline too when your CI/CD pipelines can access the Internet. Really, it’s best to assume there’s always a new release!

Documentation – https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/pipeline/

Image Analyzer

The latest Sysdig Image Analyzer version is still v0.1.17.

Host Analyzer

The latest Sysdig Host Analyzer version is still v0.1.7.

Documentation – https://docs.sysdig.com/en/docs/installation/node-analyzer-multi-feature-installation/#node-analyzer-multi-feature-installation

Sysdig Secure Inline Scan for Github Actions

A new release is available! The release is v3.4.0.

https://github.com/marketplace/actions/sysdig-secure-inline-scan

Sysdig Secure Jenkins Plugin

The version has not changed since the last blog and is still v2.1.14.

https://plugins.jenkins.io/sysdig-secure/

Prometheus Integrations

There have been a few releases in the Prometheus Integrations space since the last post. An aggregate of changes is below.

Integrations

  • feat: Added Fluentd integration
  • feat: Added NTP integration
  • feat: Added support for CA files in the ElasticSearch exporter Helm chart
  • fix: Removed duplicated securityContext in the ElasticSearch exporter Helm chart
  • refactor: Changed the ElasticSearch wizard and Helm chart to use secrets for the URL of the ElasticSearch server
  • refactor: Bumped the Helm chart repository version to include the NTP exporter and fixes in Elasticsearch
  • feat: Added HAProxy integration
  • feat: Added PHP-FPM integration
  • feat: Split the Kubelet PVC-and-Storage integration into two separate ones (PVC and Storage)
  • feat: Enabled Kubelet-PVC metrics by default
  • feat: Added README file to the KSM-cAdvisor Helm chart
  • feat: Updated agent jobs for kube-controller-manager and kube-scheduler to support HTTPS and authentication
  • fix: Fixed the Helm chart for the ElasticSearch exporter; also added a CA certificates option
  • fix: Added README file to the OSS KSM Helm chart
  • fix: Public README file of the Helm charts was not updating
  • fix: NTP wizard was not rendering after prerequisites
  • fix: Added logo to Fluentd integration
  • docs: Created a new docs page with automated information on the currently supported integrations
  • fix: Added PHP-FPM logo
  • feat: Disabled Kubelet-PVC metrics by default
  • fix: Elastic chart typo

Dashboards and alerts

  • feat: Added Fluentd dashboard and alert templates
  • feat: Added NTP dashboard and alert templates
  • feat: Added dashboard and alert templates for HAProxy
  • fix: Changes in the rules to show/hide Kubernetes dashboards to prevent hiding when unstable metrics or disconnected agents
  • fix: Fixed waiting time in Portworx alert templates with predict linear functions
  • fix: Fixed used request in the cluster capacity planning
  • fix: Fixed minor typos in NTP dashboard

Exporter images

  • feat: Added exporter images for NTP exporter:
    • quay.io/repository/sysdig/ntp-exporter:v2.0.3
    • quay.io/repository/sysdig/ntp-exporter:v2.0.3-ubi
  • feat: New exporter image for PHP-FPM:
    • quay.io/sysdig/php-fpm-exporter:v2.3.0
    • quay.io/sysdig/php-fpm-exporter:v2.3.0-ubi
  • fix: Fixed and updated the JMX exporter image
    • quay.io/sysdig/promcat-jmx-exporter:v0.17.0
    • quay.io/sysdig/promcat-jmx-exporter:v0.17.0-ubi

Promcat.io

  • feat: Added HaProxy 2.3
  • feat: Added PHP-FPM integration
  • fix: Moved Cassandra exporter image to quay

Sysdig On-Premise

The 5.1.2 On-Premise minor release remains the latest.

The full release notes can be found here: Sysdig Docs or Github.
