SysdigResponseActions
This is an integration that will use Sysdig agent to respond to malicious activity by triggering different actions at the host or container level like killing a container, quarantine a file or perform a system capture.
Data Enrichment & Threat Intelligence · Sysdig Response Actions
Configuration parameters
url— Your server URL (required)credentials— (required)insecure— Trust any certificate (not secure)proxy— Use system proxy settingsclassifier— Classifiermapper— Mapper (incoming)isFetch— Fetch incidentsincidentType— Incident typemax_fetch— The maximum number of incidents per fetchfirst_fetch— First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)
Commands (4)
-
create-system-captureCommand to trigger a system capture, it will record all system calls at the host level.
-
execute-response-actionExecute response actions through the Sysdig API.
-
get-action-executionGet the status and information of a triggered action execution.
-
get-capture-fileCommand to get a system capture based on the capture ID.