- Visualize Sysdig account, teams, users and findings in the JupiterOne graph.
- See relationships between Sysdig teams and users in your JupiterOne account.
- Monitor changes to Sysdig users using JupiterOne alerts.
- JupiterOne periodically fetches account details, teams, users and findings from Sysdig to update the graph.
- Write JupiterOne queries to review and monitor updates to the graph, or leverage existing queries.
- Configure alerts to take action when the JupiterOne graph changes, or leverage existing alerts.
- Sysdig supports an API Token credential. You must have an Administrator user account.
- JupiterOne requires a Sysdig account API token. You need permission to create a user in Sysdig that will be used to obtain the API key.
- You must have permission in JupiterOne to install new integrations.
If you need help with this integration, please contact JupiterOne Support.
- Retrieve the Sysdig API Token.
- Look up the SaaS Region for your Sysdig account. The integration configuration needs the endpoint for your account (e.g. `us2`).
- From the top navigation of the J1 Search homepage, select Integrations.
- Scroll to the Sysdig integration tile and click it.
- Click the Add Configuration button and configure the following settings:
  - Enter the Account Name by which you'd like to identify this Sysdig account in JupiterOne. Ingested entities will have this value stored in `tag.AccountName` when Tag with Account Name is checked.
  - Enter a Description that will further assist your team when identifying the integration instance.
  - Select a Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as `DISABLED` and manually execute the integration.
  - Enter the Sysdig API Token generated for use by JupiterOne.
  - Enter the Region for your Sysdig account.
- Click Create Configuration once all values are provided.
- From the top navigation of the J1 Search homepage, select Integrations.
- Scroll to the Sysdig integration tile and click it.
- Identify and click the integration to delete.
- Click the trash can icon.
- Click the Remove button to delete the integration.
The following entities are created:
Resources | Entity `_type` | Entity `_class`
---|---|---
Account | `sysdig_account` | `Account`
Agent | `sysdig_agent` | `Scanner`
Cluster | `sysdig_cluster` | `Cluster`
Finding | `sysdig_finding` | `Finding`
Image Scan | `sysdig_image_scan` | `Assessment`
Scanner | `sysdig_scanner` | `Service`
Team | `sysdig_team` | `Team`
User | `sysdig_user` | `User`
The following relationships are created:
Source Entity `_type` | Relationship `_class` | Target Entity `_type`
---|---|---
`sysdig_account` | HAS | `sysdig_agent`
`sysdig_account` | HAS | `sysdig_cluster`
`sysdig_account` | HAS | `sysdig_image_scan`
`sysdig_account` | HAS | `sysdig_scanner`
`sysdig_account` | HAS | `sysdig_team`
`sysdig_account` | HAS | `sysdig_user`
`sysdig_agent` | SCANS | `sysdig_cluster`
`sysdig_image_scan` | IDENTIFIED | `sysdig_finding`
`sysdig_scanner` | PERFORMED | `sysdig_image_scan`
`sysdig_team` | HAS | `sysdig_user`
The following mapped relationships are created:
Source Entity `_type` | Relationship `_class` | Target Entity `_type` | Direction
---|---|---|---
`sysdig_finding` | IS | `*cve*` | FORWARD