Sysdig Integration

Sysdig is a cloud-native visibility and security platform designed to monitor, secure, and troubleshoot containerized and microservices environments. By providing insight into system calls, Sysdig offers granular visibility into the real-time performance and health of applications, containers, and infrastructures. This platform also aids in identifying and mitigating potential security threats, ensuring compliance, and facilitating forensic investigations.

In ilert: Create a Sysdig alert source

1. Go to Alert sources -> Alert sources and click Create new alert source
2. Search for Sysdig in the search field, click on the Sysdig tile, and click Next.
3. Give your alert source a name, optionally assign teams and click Next.

4. Select an escalation policy by creating a new one or assigning an existing one.
5. Select your Alert grouping preference and click Continue setup. You may click Do not group alerts for now and change it later.
6. The next page shows additional settings, such as customer alert templates or notification priority. Click on Finish setup for now.

7. On the final page, an API key and/or webhook URL will be generated, which you will need later in this guide.

In Sysdig: Create a notification channel

1. Go to Sysdig and then to Settings. Click on Notification Channels and then on Add Notification Channel to add a new notification channel for ilert

1. On the popup, choose WebHook

1. On the next page, in the section URL field, paste the Webhook URL that you generated in ilert

1. In the Channel Name section, enter a name eg. iLert

2. Make sure that Enabled and Notify when Resolved options are enabled

3. Click on Save

FAQ

Will alerts in ilert be resolved automatically?

Yes

Will alerts in ilert be accepted automatically?

No, unfortunately, Sysdig accepted event is not compatible with ilert accepted event.

Can I connect Sysdig with multiple alert sources from ilert?

Yes, simply create more notification channels in Sysdig.