Welcome to our monthly update on what’s new from Sysdig!
This month is a little eclipsed by last month’s big launch of Essentials and our new SaaS regions, KubeCon EU, and many of us finishing off the summer holidays and getting the kids packed off back to school. Our teams are busy working on some big feature releases which we don’t want to reveal just yet, but I think you’re all going to really love them in the coming months! We still have a few incremental updates to let you know about, however.
One thing outside of Sysdig that I’d like to draw your attention to is what’s new in Kubernetes v1.19. A lot went into v1.19 from the Kubernetes teams and we see many really great enterprise features coming into Kubernetes. Our team digested the various updates and put together a blog to give you a good overview of some of the major points; don’t miss this useful outline to save you from scouring through pages of release notes!
Our team was also wrapped up in KubeCon for a week. We had a few great sessions and Kris Nova delivered a couple of fantastic keynote talks. If you did attend, all the sessions are still available on demand in case you missed or want to replay any. If you didn’t get the chance to attend, we’ll be doing a recap later this month in our EMEA virtual meetup, and the CNCF should make them all available on YouTube at some point.
As always, please go checkout our own Release Notes for more details on product updates, and ping your local Sysdig contact if you have any questions about anything covered here.
Sysdig Secure
Runtime Security (Falco) Rules
The latest version is 0.8.3, and you can see in Secure Runtime Rules Library what version you are running.
- Added support for updating Falco rules across multiple accounts in an on-prem setup.
- Created a new rule, EphemeralContainers Created for the Suspicious K8s Activity policy.
- Replace the
endswith
operator when checking with an image repository. - Whitelisted
sysdig/agent
andsysdig/agent-slim
. They are not available with the open-source Falco Rules. - Whitelisted
dockerd-current
anddocker-current
in theexe_running_docker_save
macro.
Sysdig Agent
The latest Sysdig Agent release is 10.4.1. Below is a diff of updates since 10.3.1, which we covered in our last update.
New features & enhancements
- The agent can now scrape Prometheus metrics from the containers that expose ports only on specific IP addresses besides the localhost.
- The
use_forwarder
option is now enabled by default – see Collect StatsD Metrics Under Load. - The default value (300) of per-process JMX bean limits can now be changed.
Fixes
- Fixed a problem that could cause Kubernetes pods to lose association with their deployment or other related resources.
- The embedded web server for Kubernetes audit events restarts as expected when the agent process is restarted.
- Updated the version of the `jackson-databind` package to fix vulnerabilities discovered in the slim agent v10.3.0.
Helm chart
Our Helm chart v1.10.0 was launched in the past month. The main change here was to support Sysdig Agent v10.4.1 and also to deploy a companion PSP to allow the agent to work on PSP enabled clusters.
New website resources
Promcat.io
Blogs
- Seven Kubernetes monitoring best practices every monitoring solution should enable
- Sysdig Secure DevOps Platform available on Red Hat Marketplace
- Containers and Kubernetes may be the edge you need to keep moving forward
- A security journey to open source
- Secure and monitor your containers on Bottlerocket from AWS
- 6 Things to consider in a Prometheus monitoring platform
- How to monitor Harbor registry with Prometheus metrics
- What’s new in Kubernetes 1.19?
- Sysdig 2020 Container Security Snapshot: Key image scanning and configuration insights
Webinars
- Runtime security with Falco, the CNCF container security project
- Scaling Prometheus Monitoring, the No-Hacks Way
- DevSecOps: What do you focus on first?
- Secure DevOps Virtual Meetup Europe August
- Getting Started with Prometheus Exporters
- Cards Against Containers for a Cause (and a LOT of FUN!)