• Sysdig OSS helps record process, file system, and network activities in real-time and granularity.
  • Sysdig Secure and Sysdig Monitor are two projects based on the open-source foundation to help address the security challenges of modern cloud applications.

Sysdig, the unified container and cloud security leader, unveiled that Sysdig open source, the incident response standard for containers, has been expanded to the cloud. With the help of system calls, Sysdig open-source (Sysdig OSS) traditionally offers deep observability into running applications. It also offers file system access and network activity, which fastens incident response and troubleshooting.

With this, teams can quickly sieve information from Sysdig OSS and take action. With the announcement of this new integration, these capabilities have been extended beyond containers to any cloud environment.

The complexity of cloud-native applications – with many components and variables – makes it incredibly difficult for security analysts and system administrators to triage alarms quickly and diagnose problems. Sysdig OSS records process, file system, and network activities in real-time and with a certain degree of granularity. The application, which has received over two million downloads and 6,850 GitHub stars, displays everything from run commands and file system activity to network activity. Sysdig OSS then offers comprehensive filtering and troubleshooting features, supporting root cause analysis for security and performance issues.

With the help of a new plugin framework – initially developed by the open-source community for the CNCF project Falco – Sysdig extends the number of sources Sysdig OSS may be associated with to anything that generates logs or events, including Azure, Google, and AWS CloudTrail logs.

In the future, every plugin created for Falco can also be used by Sysdig OSS. Investigations can be streamlined using a single tool, such as Sysdig OSS, to monitor events throughout the whole cloud-native system. Using a new tool for each scenario increases complexity, making troubleshooting much more difficult.

Sysdig’s commitment to open source

Sysdig was launched as an open-source company. Sysdig Secure and Sysdig Monitor are built on an open-source foundation to address the security challenges of modern cloud applications.

Sysdig launched both projects to demonstrate deep visibility as a foundation for security, and they have since become standards for container and cloud threat detection and incident response. Falco, which was added to the CNCF in 2018, is currently an incubation-level hosted project with over 45 million downloads.

Sysdig OSS and Falco can be used in tandem as a robust open-source solution to minimize risk at runtime. Sysdig OSS operates as a flight recorder, gathering a detailed record for inspection. Falco functions as a security camera, detecting unusual behavior, configuration changes, invasions, and data theft in real-time. Teams can use Sysdig OSS and Falco to detect and respond to risks.

“If you want to see what is going on inside an application, Sysdig OSS gives you that record,” said Loris Degioanni, Founder and CTO of Sysdig. “Sysdig open source was the inspiration for Falco. While Falco will monitor and alert based on your policies, Sysdig open source will tell you what happened at a particular time, before and after the event. Having the ability to use both open-source tools in the cloud is extremely powerful.”