Operations | Monitoring | ITSM | DevOps | Cloud

Latest Posts

Now Available: IBM Cloud Monitoring with Sysdig.

Today at Kubecon we announced the availability of IBM Cloud Monitoring with Sysdig. Together, IBM and Sysdig have launched this new offering to provide a fully managed enterprise-grade monitoring service for cloud-native applications on IBM Cloud. If you build, ship, and run applications on IBM Cloud, you now have direct, integrated access to Sysdig Monitor.

Introducing Sysdig Secure 2.2: Kubernetes auditing, compliance, and access control.

Over the past four years we’ve helped hundreds of organizations run reliable, secure, and compliant Kubernetes and Openshift clusters. Some of the key themes we’ve seen from organizations that have successfully grown their Kubernetes footprint are: they have immaculate labeling, understand how to leverage internal Kubernetes features to harden their platform, and understand what developers need access to and manage it with RBAC and namespaces.

Container security orchestration with Falco and Splunk Phantom

Container security orchestration allows to define within your security policy how you are going to respond to your different container security incidents. These responses can be automated in what is called security playbooks. This way, you can define and orchestrate multiple workflows involving different software both for sourcing and responding. This is how Falco and Splunk Phantom can be integrated together to do this.

Service based access control with Sysdig Secure Teams

While you’re likely familiar with role-based access control, Sysdig teams introduce the concept of service-based access control. With service-based access control, administrators can define groups of users that have access to policy events, policy configuration, and scanning data limited to a service or set of services, as defined by your orchestration system (think Kubernetes, Mesos, and the like).

How to identify malicious IP activity using Falco

One of the most common security use cases, is the ability to identify connections generated by malicious actors, or internal components connecting to suspicious servers (e.g malware C&Cs). In this post, we will show how to leverage the Falco engine, to identify connections made to IPs that were flagged by multiple security sensors, and are streamed as a feed to the Falco engine.

Using Terraform for container security as code with Sysdig Secure

In the following tutorial you can learn how to implement container security as code. You probably have a CI/CD pipeline to automatically rebuild your container images. What if you could define your container security as code, push it into a Git repository to version control changes and then enforce your policy in your container orchestration tool like Docker or Kubernetes using Sysdig Secure?

Monitoring Java in Docker: Overcoming past limitations

Before the release of Java 9 and 10, there were several limitations to deploying and monitoring Java in Docker. This post explores how the latest versions of Java address the most common of these limitations, and includes examples of how to make the most of monitoring Java in Docker.

Dynamic DNS & Falco: detecting unexpected network activity

Since the inception of Falco, we’ve seen users write custom rules covering a number of different use cases. Because Falco is behavioral monitoring with a syntax that leverages system calls, you can write a rule for just about anything: opening a file, becoming root, or making a network connection.