Welcome to another monthly update on what’s new from Sysdig! Happy Pride month! We hope you are celebrating safely, in whatever manner you choose. It’s been over 50 years since the Stonewall riots, but we continue to fight for equality and justice. Love is love, and we’re sending you all of ours! Thank you to Marsha P. Johnson, Brenda Howard, and countless others for fighting for the freedom that many of us today enjoy.

AWS CloudFormation provides an easy way to model and set up AWS resources to help you save time in deploying the stack you need to run your applications. Today, AWS announced the launch of AWS CloudFormation Public Registry. CloudFormation Public Registry is a searchable collection of extensions that allows you to easily discover, provision, and manage resource types and modules published and maintained by AWS Partner Network (APN) partners like Sysdig.

You see the headlines, and perhaps, ‘thank goodness it wasn’t us’ flickers through your mind. An overly permissive web server exposes 100 million+ consumer credit applications, or an S3 bucket leaves hundreds of millions of user records open to the public. A nightmare scenario for any CISO and their cloud security team!

Kubernetes resource limits are always a tricky setting to tweak, since you have to find the sweet spot between having the limits too tight or too loose. In this article, which is a continuation of the Kubernetes capacity planning series, you’ll learn how to set the right Kubernetes resource limits: from detecting the containers without any limit, to finding the right Kubernetes resource limits you should set in your cluster.

We recently released the automated Falco rule tuning feature in Sysdig Secure. Out-of-the-box security rules are a double-edged sword. On one side, they allow you to get started right away. On the other, it can take many working hours to learn the technology, configuration, and syntax to be able to customize the rules to fit your applications. Falco’s default security rules are no different.

In this article, you will find 10 practical Prometheus query examples for monitoring your Kubernetes cluster. So you are just getting started with Prometheus, and are figuring out how to write PromQL queries. At Sysdig, we’ve got you covered! A while ago, we created a PromQL getting started guide. Now we’ll jump in skipping the theory, directly with some PromQL examples.

Amazon Elastic Container Service (ECS) Anywhere enables you to simply run containers in whatever location makes the most sense for your business – including on-premises. Security is a key concern for organizations shifting to the cloud. Sysdig has validated our Secure DevOps platform with ECS Anywhere, giving AWS customers the security and visibility needed to run containers confidently on the new deployment model.

Welcome to another monthly update on what’s new from Sysdig. Eid Mubarak! Our team continues to work hard to bring great new features to all of our customers, automatically and for free! Most importantly, of course, was our recent funding round! I won’t repeat all the details as you can read more about what it means here. However, we are super excited about all the new feature improvements we can fund and bring to our customers!

The CVE-2021-25737 low-level vulnerability has been found in Kubernetes kube-apiserver where an authorized user could redirect pod traffic to private networks on a Node. The kube-apiserver affected are: By exploiting the vulnerability, adversaries could be able to redirect pod traffic even though Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range.

In its mission to simplify building and running cloud-native applications for users, Amazon has announced the GA of AWS App Runner, a new purpose-built container application service. With security top of mind for most organizations shifting to the cloud, Sysdig has collaborated with AWS to enable threat detection for the new platform.