# Sysdig Integration

[Sysdig](https://sysdig.com/) is a cloud-native visibility and security platform designed to monitor, secure, and troubleshoot containerized and microservices environments. By providing insight into system calls, Sysdig offers granular visibility into the real-time performance and health of applications, containers, and infrastructures. This platform also aids in identifying and mitigating potential security threats, ensuring compliance, and facilitating forensic investigations.

## In ilert: Create a Sysdig alert source <a href="#in-ilert" id="in-ilert"></a>

1. Go to **Alert sources** -> **Alert sources** and click **Create new alert source**.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FjX0cS4q7woTXKajZmc1W%2FScreenshot%202023-08-28%20at%2010.21.10.png?alt=media&#x26;token=8ef3666b-84eb-4b51-abee-f07303313941" alt=""><figcaption></figcaption></figure>
2. Search for **Sysdig** in the search field, click on the Sysdig tile, and click **Next**.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FlXzQlJpaTFSR49AZk0xA%2FScreenshot%202023-08-28%20at%2010.24.23.png?alt=media&#x26;token=cffeacb4-57b9-47d4-827d-b0f6b1afd914" alt=""><figcaption></figcaption></figure>
3. Give your alert source a name, optionally assign teams and click **Next**.
4. Select an **escalation policy** by creating a new one or assigning an existing one.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FNnuZqONaIhbOf6fn4OkZ%2FScreenshot%202023-08-28%20at%2011.37.47.png?alt=media&#x26;token=8a74f7b5-5bd2-4eea-97fa-1c1dbb041333" alt=""><figcaption></figcaption></figure>
5. Select your [Alert grouping](https://docs.ilert.com/alerting/configure-alerting/alert-sources#alert-grouping) preference and click **Continue setup**. You may click **Do not group alerts** for now and change it later.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FueugN4JgHn1c90ggFA6u%2FScreenshot%202023-08-28%20at%2011.38.24.png?alt=media&#x26;token=b8009daf-3ca8-4264-a6fa-e42ef7333205" alt=""><figcaption></figcaption></figure>
6. The next page shows additional settings, such as custom alert templates or notification priority. Click on **Finish setup** for now.
7. On the final page, an API key and/or webhook URL will be generated, which you will need later in this guide.

   <figure><img src="https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-M76ygPnS4HUcFSX8ulm%2Fuploads%2FJ1QwcjLiVLOyieOrgmpC%2FScreenshot%202023-08-28%20at%2011.47.34.png?alt=media&#x26;token=72dc29a2-ded0-44cd-89bc-229bb0569626" alt=""><figcaption></figcaption></figure>

## In Sysdig: Create a notification channel <a href="#in-topdesk" id="in-topdesk"></a>

1. Go to Sysdig and then to **Settings**. Click on **Notification Channels** and then on **Add Notification Channel** to add a new notification channel for ilert.

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M76ygPnS4HUcFSX8ulm%2F-MIs7K42pzr9G7EM1vRj%2F-MIsB6C2V4GKWbKs9Us_%2FNotifications_-_Settings_-_Sysdig.png?alt=media\&token=27b06f21-92bf-40c9-b5d2-9b89423d9acf)

2. On the popup, choose **WebHook**.

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M76ygPnS4HUcFSX8ulm%2F-MIs7K42pzr9G7EM1vRj%2F-MIsCELKMa_4OFHrZqtU%2FBanners_and_Alerts_and_Notifications_-_Settings_-_Sysdig.png?alt=media\&token=66791bf6-45b9-4aab-a889-4cd6d85d61a2)

3. On the next page, in the **URL** field, paste the **Webhook URL** that you generated in ilert.

![](https://3394882078-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M76ygPnS4HUcFSX8ulm%2F-MIs7K42pzr9G7EM1vRj%2F-MIsDBcgBrGV-ckj8llt%2FNew_Channel_-_Notifications_-_Settings_-_Sysdig.png?alt=media\&token=1af98a20-9419-419d-8aee-d7b6639171b1)

4. In the **Channel Name** section, enter a name, e.g. `iLert`.
5. Make sure that the **Enabled** and **Notify when Resolved** options are enabled.
6. Click on **Save**.

## FAQ <a href="#faq" id="faq"></a>

**Will alerts in ilert be resolved automatically?**

Yes

**Will alerts in ilert be accepted automatically?**

No. Unfortunately, the Sysdig accepted event is not compatible with the ilert accepted event.

**Can I connect Sysdig with multiple alert sources from ilert?**

Yes, simply create more notification channels in Sysdig.

