What’s new in Sysdig – May 2022

By Wesley MacKay - MAY 26, 2022

SHARE:

Facebook logo LinkedIn logo X (formerly Twitter) logo

Welcome to another edition of What’s New in Sysdig in 2022! The “What’s new in Sysdig” blog is now under my control! Hello, I’m Wes MacKay, a Sales Engineer based out of Dallas, TX working with the Sysdig US West Corporate team. I’m way too passionate about containerization, personal cloud storage, and automating my home life. In my spare time, I’m always looking for better Thai and Sushi restaurants in my area.

This month’s highlights include a new feature Sysdig Advisor for faster troubleshooting and Container Drift for detecting deviation of code in runtime.

Sysdig Platform Architecture

Sysdig Platform Audit Trail

We are happy to announce that Sysdig Platform Architecture now supports the capability of tracking, logging, and reporting on all changes in the system. This is enabled by default for all SaaS customers. Event forwarding support for this feature will also be included in the near future.

For additional information, please visit our Release notes for Secure and Monitor.

Sysdig for Cloud

Sysdig earned the badge AWS Well Architected Framework Partners for the category of “Security Management” and has been added to the Management and Governance Cloud Environment Guide.

Sysdig Monitor

Advisor

We’re excited to announce Advisor, a new Kubernetes troubleshooting product in Sysdig Monitor, that accelerates troubleshooting by up to 10x. Advisor displays a prioritized list of issues and relevant troubleshooting data to surface the biggest problem areas and accelerate time to resolution.

Advisor is now available to all customers at no additional cost, and additional troubleshooting features will be added over the coming weeks.

Enhanced Metric Store

Sysdig has launched our next generation metric store, introducing a number of new features, as well as changes to and removal of some features in Sysdig Monitor.

Some improvements include:

  • Metrics are now unified in a Prometheus compatible naming convention.
  • Existing dashboards, alerts, and notifications will be automatically migrated to the new naming convention.
  • Queries will perform faster and handle larger volumes of data.
  • Number panels, tables, histograms, and toplist panels can now show the latest value for an entity.
  • You can display metrics with differently scraped intervals. For example 10s and 1m on the same graph.

Check out the Release Notes for the full list of new and changed features.

Sysdig Secure

Falco Rules

v0.67.1 is the latest version. Here there are some highlights of the changes from v0.50.5, which we covered in April.

Added the following rules:

  • Tampering with Security Software in Container
  • Execution of binary using ld-linux
  • Possible Backdoor using BPF

Further details and the full changelog can be found on Sysdig documentation.

Sysdig Agents

The latest Sysdig Agent release is v12.5.0. Below is a diff of updates since v12.2.0, which we covered in our last update.

  • Default Availability of Slim Agent
  • Container DriftControl: Detect and Prevent Drift in Container Runtime
  • Disable Syscalls for Secure Modes

Please refer to our v12.5.0 Release Notes for further details.

SDK, CLI and Tools

Sysdig CLI

v0.7.14 is still the latest release (Download Link). The instructions on how to use the tool and the release notes from previous versions are available at the following link:

https://sysdiglabs.github.io/sysdig-platform-cli/

Python SDK

v0.16.3 is still the latest release, which we covered in our October update.

https://github.com/sysdiglabs/sysdig-sdk-python/releases/tag/v0.16.3

Terraform Provider

v0.5.37 is the newest release.

Documentation – https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs

Github link – https://github.com/sysdiglabs/terraform-provider-sysdig

Terraform Modules

AWS Sysdig Secure for Cloud: v0.8.2 is still the latest release.

GCP Sysdig Secure for Cloud: v0.8.5 is still the latest release.

Azure Sysdig Secure for Cloud: v0.8.0 is still the latest release.

  • Note: Azure Sysdig Secure for Cloud includes a breaking change to align to the new v3.0 version of the AzureRM Provider.

Falco VS Code Extension

v0.1.0 continues to be the latest release.

https://github.com/sysdiglabs/vscode-falco/releases/tag/v0.1.0

Sysdig Cloud Connector

Sysdig Cloud Connector has seen an updated release to v0.16.8

Features include:

  • Allow setting cloud connector configuration and log_level via environment vars
  • Cloud Risk Assessment

Check the full list of changes to get the full details.

Admission Controller

Sysdig Admission Controller has been updated to v3.9.2

A feature has been added in this release:

  • Do not show std http server errors unless debug is enabled

Documentation – https://docs.sysdig.com/en/docs/installation/admission-controller-installation/

Runtime Vulnerability Scanner

The new vuln-runtime-scanner has been updated to release v1.0.3

This release contains the following change:

  • Optimized requests performed on the Kubernetes API

Documentation – https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/runtime

Sysdig CLI Scanner

Sysdig CLI Scanner binary has been updated to v1.0.2

Note: If you are using this binary for local scanning in your development environment or your pipeline does not automatically pull the latest binary, we recommend you update. Follow the instructions in the documentation to retrieve the latest binary. The documented steps work well in a pipeline too when your CI/CD pipelines can access the Internet.

Documentation – https://docs.sysdig.com/en/docs/sysdig-secure/vulnerabilities/pipeline/

Image Analyzer

Sysdig Image analyzer has been updated with security patches.

The new release is v0.1.17

Host Analyzer

Sysdig Host Analyzer has been updated with security patches.

The new release is v0.1.7

Documentation – https://docs.sysdig.com/en/docs/installation/node-analyzer-multi-feature-installation/#node-analyzer-multi-feature-installation

Sysdig Secure Inline Scan for Github Actions

v3.2.0 is still the latest release, which we covered in our November edition.

https://github.com/marketplace/actions/sysdig-secure-inline-scan

Sysdig Secure Jenkins Plugin

A new version of the plugin has been released. The release is v2.1.14

Changes from our last report:

  • fix: customize connection timeout and allow ping.
  • Filter for severity and fixable on vulnerabilities table.
  • Ability to download vulnerabilities table in csv format.
  • Show policy name on policy table.
  • Display warning error when json files needed for generating tables are not present.
  • Add explicit dependency to apache.commons.lang3 for docker-java-core (#52).
  • Fixes issues with missing class in some environments.

https://plugins.jenkins.io/sysdig-secure/

Prometheus Integrations

Integrations:

  • feat: Updated helm charts with new exporters image tags for security updates
  • fix: Added filter to drop Portworx metrics in Prometheus default job
  • fix: Added label kube_namespace_name correctly to kubelet PVC metrics
  • feat: Updated the exporter image tags in the helm charts
  • feat: Optimized metrics sent by Kubelet and kubelet-PVC jobs
  • feat: Increased scrape interval of Kubelet to one minute
  • refactor: In KSM helm chart, removed remote-write label in KSM recording rules which are not needed in dashboards or alerts
  • fix: Dashboard names in list of dashboards of an integration
  • fix: Improved documentation and fix typos in integration wizard
  • fix: Changed nginx-ingress metric that detects reporting metrics for nginx_ingress_controller_nginx_process_cpu_seconds_total, as this is always present
  • fix: Improved CoreDNS Prometheus job to be detected in IKS clusters
  • fix: Changed troubleshooting metrics in some integrations for metrics inside the filter of the Prometheus job

Dashboards and alerts:

  • feat: Added Kubernetes scope to troubleshooting dashboard templates
  • feat: Deprecated the legacy troubleshooting dashboard templates for MongoDB and SQL
  • fix: Removed no useful disks from ‘Kubernetes Node Status & Performance’ dashboard
  • fix: Added filter to exclude containers FS in ‘File System Usage & Performance’ dashboard template. Also added cluster scope and changed table panel position.
  • fix: Typo in Dashboards: “Workload Status & Performance” and “KSM Workload Status & Performance”
  • fix: In Dashboard “Workload Status & Performance”, removed the scope of method in the “HTTP Requests Count per Workload” panel
  • fix: Fixed query in “Unused Requested CPU by all Replicas of a container“ panel in “Cluster Capacity Planning” Dashboard
  • fix: Removed duplicate files for “PCV and Storage” dashboard template
  • fix: Text in banner for Workload Kubernetes dashboard template
  • feat: Changed OOTB K8s dashboards to use “is” vs. “in” scoping to improve performance. Dashboards changed:
    • Cluster/Namespace Available Resources
    • Cluster Capacity Planning
    • Pod Rightsizing & Workload Capacity Optimization
    • Pod Scheduling Troubleshooting
    • Kubernetes HPA
  • fix: In Cluster Capacity Planning dashboard, only added the containers with limits/requests in certain panels
  • fix: In dashboard “Kubernetes CoreDNS” review the label “job” used in some panels

Exporter images:

  • New exporter images with security updates:
    • JMX:
      • quay.io/sysdig/promcat-jmx-exporter:v0.16.5
      • quay.io/sysdig/promcat-jmx-exporter:v0.16.5-ubi
    • MySQL:
      • quay.io/repository/sysdig/mysql-exporter:v0.13.5
      • quay.io/repository/sysdig/mysql-exporter:v0.13.5-ubi
    • Memcached:
      • quay.io/repository/sysdig/memcached-exporter:v0.9.3
      • quay.io/repository/sysdig/memcached-exporter:v0.9.3-ubi
    • Nginx:
      • quay.io/repository/sysdig/nginx-exporter:v0.9.3
      • quay.io/repository/sysdig/nginx-exporter:v0.9.3-ubi
    • MongoDB:
      • quay.io/repository/sysdig/mongodb-exporter:v0.11.7
      • quay.io/repository/sysdig/mongodb-exporter:v0.11.7-ubi
    • ElasticSearch:
      • quay.io/repository/sysdig/elasticsearch-exporter:v1.3.2
      • quay.io/repository/sysdig/elasticsearch-exporter:v1.3.2-ubi
    • PostgreSQL:
      • quay.io/repository/sysdig/postgresql-exporter:v0.10.6
      • quay.io/repository/sysdig/postgresql-exporter:v0.10.6-ubi
    • Apache:
      • quay.io/repository/sysdig/apache-exporter:v0.10.5
      • quay.io/repository/sysdig/apache-exporter:v0.10.5-ubi
    • Redis:
      • quay.io/repository/sysdig/redis-exporter:v1.31.6
      • quay.io/repository/sysdig/redis-exporter:v1.31.6-ubi
    • Grok:
      • quay.io/sysdig/grok-exporter:v1.0.2
      • quay.io/sysdig/grok-exporter:v1.0.2-ubi

Promcat.io:

  • Added Prometheus annotations to nginx-controller setup guide

Sysdig On-Premise

The 5.1.0 On-Premise minor release remains the latest.

The full release notes can be found here: Sysdig Docs or Github

New Website Resources

Blogs

Webinars

Tradeshows

Education

Subscribe and get the latest updates