What’s new in Sysdig – September 2020

By Chris Kranz - SEPTEMBER 17, 2020


Welcome to our monthly update on what’s new from Sysdig!

This month is a little eclipsed by last month’s big launch of Essentials and our new SaaS regions, KubeCon EU, and many of us finishing off the summer holidays and getting the kids packed off back to school. Our teams are busy working on some big feature releases which we don’t want to reveal just yet, but I think you’re all going to really love them in the coming months! We still have a few incremental updates to let you know about, however.

One thing outside of Sysdig that I’d like to draw your attention to is what’s new in Kubernetes v1.19. A lot went into v1.19 from the Kubernetes teams and we see many really great enterprise features coming into Kubernetes. Our team digested the various updates and put together a blog to give you a good overview of some of the major points; don’t miss this useful outline to save you from scouring through pages of release notes!

Our team was also wrapped up in KubeCon for a week. We had a few great sessions and Kris Nova delivered a couple of fantastic keynote talks. If you did attend, all the sessions are still available on demand in case you missed or want to replay any. If you didn’t get the chance to attend, we’ll be doing a recap later this month in our EMEA virtual meetup, and the CNCF should make them all available on YouTube at some point.

As always, please go checkout our own Release Notes for more details on product updates, and ping your local Sysdig contact if you have any questions about anything covered here.

Sysdig Secure

Runtime Security (Falco) Rules

The latest version is 0.8.3, and you can see in Secure Runtime Rules Library what version you are running.

  • Added support for updating Falco rules across multiple accounts in an on-prem setup.
  • Created a new rule, EphemeralContainers Created for the Suspicious K8s Activity policy.
  • Replace the endswith operator when checking with an image repository.
  • Whitelisted sysdig/agent and sysdig/agent-slim. They are not available with the open-source Falco Rules.
  • Whitelisted dockerd-current and docker-current in the exe_running_docker_save macro.

Sysdig Agent

The latest Sysdig Agent release is 10.4.1. Below is a diff of updates since 10.3.1, which we covered in our last update.

New features & enhancements

  • The agent can now scrape Prometheus metrics from the containers that expose ports only on specific IP addresses besides the localhost.
  • The use_forwarder option is now enabled by default – see Collect StatsD Metrics Under Load.
  • The default value (300) of per-process JMX bean limits can now be changed.


  • Fixed a problem that could cause Kubernetes pods to lose association with their deployment or other related resources.
  • The embedded web server for Kubernetes audit events restarts as expected when the agent process is restarted.
  • Updated the version of the `jackson-databind` package to fix vulnerabilities discovered in the slim agent v10.3.0.

Helm chart

Our Helm chart v1.10.0 was launched in the past month. The main change here was to support Sysdig Agent v10.4.1 and also to deploy a companion PSP to allow the agent to work on PSP enabled clusters.

New website resources




New case studies

Subscribe and get the latest updates