Welcome to our monthly update on what’s new from Sysdig!
This month is a little eclipsed by last month’s big launch of Essentials and our new SaaS regions, KubeCon EU, and many of us finishing off the summer holidays and getting the kids packed off back to school. Our teams are busy working on some big feature releases which we don’t want to reveal just yet, but I think you’re all going to really love them in the coming months! We still have a few incremental updates to let you know about, however.
One thing outside of Sysdig that I’d like to draw your attention to is what’s new in Kubernetes v1.19. A lot went into v1.19 from the Kubernetes teams and we see many really great enterprise features coming into Kubernetes. Our team digested the various updates and put together a blog to give you a good overview of some of the major points; don’t miss this useful outline to save you from scouring through pages of release notes!
Our team was also wrapped up in KubeCon for a week. We had a few great sessions and Kris Nova delivered a couple of fantastic keynote talks. If you did attend, all the sessions are still available on demand in case you missed any or want to replay them. If you didn’t get the chance to attend, we’ll be doing a recap later this month in our EMEA virtual meetup, and the CNCF should make them all available on YouTube at some point.
As always, please go check out our own Release Notes for more details on product updates, and ping your local Sysdig contact if you have any questions about anything covered here.
Sysdig Secure
Runtime Security (Falco) Rules
The latest version is 0.8.3; you can see which version you are running in the Secure Runtime Rules Library.
- Added support for updating Falco rules across multiple accounts in an on-prem setup.
- Created a new rule, EphemeralContainers Created, for the Suspicious K8s Activity policy.
- Replaced the `endswith` operator when checking against an image repository.
- Whitelisted `sysdig/agent` and `sysdig/agent-slim`. They are not available with the open-source Falco Rules.
- Whitelisted `dockerd-current` and `docker-current` in the `exe_running_docker_save` macro.
Sysdig Agent
The latest Sysdig Agent release is 10.4.1. Below is a diff of updates since 10.3.1, which we covered in our last update.
New features & enhancements
- The agent can now scrape Prometheus metrics from the containers that expose ports only on specific IP addresses besides the localhost.
- The `use_forwarder` option is now enabled by default; see Collect StatsD Metrics Under Load.
- The default value (300) of per-process JMX bean limits can now be changed.
Fixes
- Fixed a problem that could cause Kubernetes pods to lose association with their deployment or other related resources.
- The embedded web server for Kubernetes audit events restarts as expected when the agent process is restarted.
- Updated the version of the `jackson-databind` package to fix vulnerabilities discovered in the slim agent v10.3.0.
Helm chart
Our Helm chart v1.10.0 was launched in the past month. The main change here was to support Sysdig Agent v10.4.1 and also to deploy a companion PSP to allow the agent to work on PSP-enabled clusters.
New website resources
Promcat.io
Blogs
Webinars
New case studies