We recommend reviewing the Sysdig Assessment Principles before starting.
We’d like to understand your skills and how we can best support your success.
If you don’t have time to complete all the steps, it’s sufficient to describe how you would implement them and address the various challenges.
Note: It is OK to use Google or AI tools during the process, but keep in mind that many details may be overlooked if you don't take some time to check the workflows manually.
Prerequisites:
- AWS Account (please use the free tier or free credit options out there). If you can't use a real cloud account, you can skip the AWS part and work with a vanilla Kubernetes cluster locally.
- Sysdig Account (you should have received a trial account attached to this assessment).
EKS Cluster Setup:
- Create an EKS cluster using Terraform or CloudFormation.
- Specs: 4 CPUs, 8 GB RAM (enough to run a full set of Sysdig agents).
- Please set up billing alerts to avoid generating unexpected costs.
- Turn off or scale down your cluster when you're not using it, but don't destroy it!
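The following CloudFormation template is an added example (not part of the assessment material) of a minimal cluster that meets the spec above together with a cost budget alert, so the billing and scale-down points are handled in the same stack. It assumes an existing VPC with at least two subnets in different availability zones and pre-created IAM roles for the control plane and the nodes (passed in as parameters); the stack name, cluster name and instance type are choices made here, not requirements of the assessment.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example: minimal EKS cluster for the Sysdig assessment plus a monthly
  cost budget alert. Assumes an existing VPC (two or more AZs) and existing
  IAM roles for the cluster and the worker nodes.

Parameters:
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Description: Subnets in two or more AZs for the control plane and nodes
  ClusterRoleArn:
    Type: String
    Description: IAM role with AmazonEKSClusterPolicy attached
  NodeRoleArn:
    Type: String
    Description: IAM role with AmazonEKSWorkerNodePolicy, AmazonEKS_CNI_Policy and AmazonEC2ContainerRegistryReadOnly
  DesiredNodes:
    Type: Number
    Default: 1
    Description: Set to 0 to scale the cluster down without destroying it
  BudgetEmail:
    Type: String
    Description: Address that receives the cost alert

Resources:
  Cluster:
    Type: AWS::EKS::Cluster
    Properties:
      Name: sysdig-assessment
      RoleArn: !Ref ClusterRoleArn
      ResourcesVpcConfig:
        SubnetIds: !Ref SubnetIds
        EndpointPublicAccess: true
        EndpointPrivateAccess: true
      # Control-plane audit and authenticator logs feed the cloud-side view
      # (CloudTrail covers API calls against the account, not kube-apiserver).
      Logging:
        ClusterLogging:
          EnabledTypes:
            - Type: audit
            - Type: authenticator

  NodeGroup:
    Type: AWS::EKS::Nodegroup
    Properties:
      ClusterName: !Ref Cluster
      NodegroupName: assessment-nodes
      NodeRole: !Ref NodeRoleArn
      Subnets: !Ref SubnetIds
      InstanceTypes:
        - c5.xlarge          # 4 vCPU / 8 GiB: matches the assessment spec
      ScalingConfig:
        MinSize: 0           # allows scaling to zero nodes when idle
        DesiredSize: !Ref DesiredNodes
        MaxSize: 2
      Tags:
        owner: sysdig-assessment

  # Budget alert: e-mail at 80% of actual spend and when the forecast
  # exceeds 100% of the monthly limit.
  CostAlert:
    Type: AWS::Budgets::Budget
    Properties:
      Budget:
        BudgetName: sysdig-assessment-monthly
        BudgetType: COST
        TimeUnit: MONTHLY
        BudgetLimit:
          Amount: 50         # USD per month; adjust to your credits
          Unit: USD
      NotificationsWithSubscribers:
        - Notification:
            NotificationType: ACTUAL
            ComparisonOperator: GREATER_THAN
            Threshold: 80
            ThresholdType: PERCENTAGE
          Subscribers:
            - SubscriptionType: EMAIL
              Address: !Ref BudgetEmail
        - Notification:
            NotificationType: FORECASTED
            ComparisonOperator: GREATER_THAN
            Threshold: 100
            ThresholdType: PERCENTAGE
          Subscribers:
            - SubscriptionType: EMAIL
              Address: !Ref BudgetEmail

Outputs:
  ClusterName:
    Value: !Ref Cluster
  ClusterEndpoint:
    Value: !GetAtt Cluster.Endpoint
```

Deploy with `aws cloudformation deploy --template-file eks.yaml --stack-name sysdig-assessment --parameter-overrides SubnetIds=... ClusterRoleArn=... NodeRoleArn=... BudgetEmail=...`. To "turn off" the cluster without destroying it, redeploy with `DesiredNodes=0` (or run `aws eks update-nodegroup-config --scaling-config desiredSize=0`); the node group can scale to zero because `MinSize` is 0. Keep in mind that the EKS control plane itself is still billed while the stack exists, which is why the budget alert is part of the template rather than an afterthought.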
Cloud Security:
- Since in this scenario your company is running clusters in the cloud, you should connect Sysdig to both your cluster and your cloud environment to find out what's happening at any level. Onboard the cluster using an agent-based method, and the cloud account using an agent-less method. You can follow the Getting Started guide in the Sysdig UI and refer to Sysdig's official documentation.
Deploy App(s):
- Deploy one or more test applications in the cluster. Some ideas are: Voting App and/or Juice Shop.
Explore Sysdig Features:
- Enable some runtime policies and generate some events (example: "Terminal Shell in a container").
- Review activity audit (Why is this important?).
- Review posture management (inventory, CSPM): what is failing and what is passing (please note that it can take up to 12h to get CSPM results).
- Investigate runtime vulnerability management: Identify top vulnerabilities and explain why.
- Can you provide a high-level overview of how events are captured at different levels (containers and CloudTrail)?
- What are captures? What is inside?
Automations:
- Explain how to send runtime findings from the "Sysdig Runtime Threat Detection" policy to a third-party tool.
- If you had to secure your GitHub Actions pipeline, describe how to automate the image scanning in your GitHub pipeline.
- Outline an automation that pulls vulnerability data from an image every 24 hours.
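As an added example for the GitHub Actions item (not code from the assessment or from Sysdig), the workflow below builds the image, scans it with Sysdig Secure and pushes it only if the scan passes, so a failed policy evaluation blocks the image from ever reaching the registry. It assumes the Sysdig API token is stored as the repository secret `SYSDIG_SECURE_API_TOKEN`, the region-specific API endpoint as the repository variable `SYSDIG_SECURE_URL`, and that the inputs shown are those of `sysdiglabs/scan-action` v5 (check the action's README for your version).

```yaml
name: build-scan-push

on:
  push:
    branches: [main]
  pull_request:

jobs:
  build-scan-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write      # only needed for the final push to GHCR

    steps:
      - uses: actions/checkout@v4

      # GHCR requires a lowercase repository path; derive the tag once.
      - name: Compute image name
        run: echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}:${GITHUB_SHA}" >> "$GITHUB_ENV"

      # Build locally: the image stays in the runner's Docker daemon and is
      # not pushed anywhere until the scan below has passed.
      - name: Build image
        run: docker build -t "$IMAGE" .

      # Scan against the Sysdig Secure vulnerability policies.
      # Assumption: input names follow sysdiglabs/scan-action v5.
      - name: Sysdig Secure image scan
        uses: sysdiglabs/scan-action@v5
        with:
          image-tag: ${{ env.IMAGE }}
          sysdig-secure-token: ${{ secrets.SYSDIG_SECURE_API_TOKEN }}
          sysdig-secure-url: ${{ vars.SYSDIG_SECURE_URL }}   # e.g. https://secure.sysdig.com for US East
          stop-on-failed-policy-eval: true   # fail the job when a policy fails
          stop-on-processing-error: true     # fail loudly instead of silently skipping

      # The remaining steps run only on pushes to main and only if the scan
      # step succeeded, so pull requests are scanned but never published.
      - name: Log in to GHCR
        if: github.event_name == 'push'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Push image (reached only when the scan passed)
        if: github.event_name == 'push'
        run: docker push "$IMAGE"
```

Two design choices matter here: the token lives in a secret rather than the workflow file, and the job's `GITHUB_TOKEN` is scoped to `packages: write` and `contents: read` only, so a compromised build step cannot modify the repository. Setting `stop-on-processing-error` keeps a scanner outage from being mistaken for a clean result.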
-
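For the 24-hour pull, an added example (not part of the assessment, and not Sysdig's own tooling) is a Kubernetes CronJob that runs the Sysdig CLI scanner against a fixed image once a day and stores the JSON result. It assumes you have built a container image that contains the `sysdig-cli-scanner` binary (the image reference below is a placeholder), that the API token is in a Secret named `sysdig-secure-api-token`, and that the `--apiurl`, `--json-scan-result`, `--dbpath` and `--cachepath` flags behave as in the CLI scanner version you download; the Juice Shop image is used as the target because the assessment suggests deploying it.

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: security-automation
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: daily-image-vulnerability-pull
  namespace: security-automation
spec:
  schedule: "0 2 * * *"          # once every 24 hours, 02:00 UTC
  concurrencyPolicy: Forbid      # never overlap two runs
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      backoffLimit: 1
      activeDeadlineSeconds: 1800   # kill a hung scan after 30 minutes
      template:
        spec:
          restartPolicy: Never
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
          containers:
            - name: scanner
              # Placeholder: your own image with the sysdig-cli-scanner binary.
              image: REGISTRY/sysdig-cli-scanner:PLACEHOLDER
              env:
                - name: SECURE_API_TOKEN          # read by the CLI scanner
                  valueFrom:
                    secretKeyRef:
                      name: sysdig-secure-api-token   # created out-of-band, never committed
                      key: token
                - name: SYSDIG_API_URL
                  value: "https://secure.sysdig.com"  # region-specific endpoint
                - name: TARGET_IMAGE
                  value: "docker.io/bkimminich/juice-shop:latest"
              command: ["/bin/sh", "-c"]
              args:
                - |
                  set -u
                  # Assumption: flag names as in the CLI scanner documentation.
                  # A non-zero exit also covers "policy failed", so the result
                  # file is kept and printed either way before exiting.
                  sysdig-cli-scanner \
                    --apiurl "$SYSDIG_API_URL" \
                    --dbpath /work/db \
                    --cachepath /work/cache \
                    --json-scan-result=/work/scan-$(date +%F).json \
                    "$TARGET_IMAGE"
                  rc=$?
                  ls -l /work/*.json
                  exit "$rc"
              volumeMounts:
                - name: work
                  mountPath: /work
              resources:
                limits:
                  cpu: "1"
                  memory: 1Gi
          volumes:
            - name: work
              emptyDir: {}       # replace with a PVC or push to object storage to retain results
```

Create the Secret with `kubectl -n security-automation create secret generic sysdig-secure-api-token --from-literal=token=...` so the token never appears in a manifest. The emptyDir is enough to demonstrate the schedule; to actually keep 24-hour snapshots you would mount a persistent volume or have the script copy the JSON to object storage at the end of each run.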
Cluster Review:
- Do not destroy your cluster. We will review it together.
- Show off your namespaces and logs.
- How can we improve the process?
- How does Sysdig compare to other solutions you’ve used?
- What changes would you suggest for this assessment?