| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2024-04-18 |
workload-protection |
{{site.data.keyword.attribute-definition-list}}
{: #getting-started}
In architectures that are focused on container and microservices, you can use {{site.data.keyword.sysdigsecure_full}} to find and prioritize software vulnerabilities, detect and respond to threats, and manage configurations, permissions, and compliance from source to run. {: shortdesc}
{: #getting-started-prereqs}
-
You must have a user ID that is a member or an owner of an {{site.data.keyword.cloud_notm}} account. To get an {{site.data.keyword.cloud_notm}} user ID, go to: Registration{: external}.
-
Check the regions where the service is available. Learn more. You can complete the steps in any of the supported regions.
{: #getting-started-step1}
Every user that accesses the {{site.data.keyword.sysdigsecure_full_notm}} service in your account must be assigned an access policy with an IAM user role defined. The policy determines the actions that the user can run within the context of the service or instance you selected. The allowable actions are customized and defined as operations that are allowed to be run on the service. The actions are then mapped to IAM user roles. For more information, see Managing user access in the {{site.data.keyword.cloud_notm}}.
When a user is granted permissions in the {{site.data.keyword.cloud_notm}} to work with the {{site.data.keyword.sysdigsecure_full_notm}} service, the user is automatically granted a service role. This role determines the actions that a user has permissions to run. For more information, see Controlling access through IAM.
Before you can provision an instance, you need to understand:
- The account owner can create, view, and delete an instance of a service in the {{site.data.keyword.cloud_notm}}, and can grant permissions to other users to work with the {{site.data.keyword.sysdigsecure_full_notm}} service.
- You must have permissions to create resources in the Default resource group.
- Other {{site.data.keyword.cloud_notm}} users with
administratororeditorpermissions can manage the {{site.data.keyword.sysdigsecure_full_notm}} service in the {{site.data.keyword.cloud_notm}}. These users must also have platform permissions to create resources within the context of the resource group where they plan to provision the instance.
To grant a user the administrator role for the service and to manage instances within a resource group in the account, the user must have an IAM policy for the {{site.data.keyword.sysdigsecure_full_notm}} service. For more information, see Granting permissions to work with the {{site.data.keyword.sysdigsecure_full_notm}} service.
By default, users are automatically added as members of the Secure Operations team that is predefined for each {{site.data.keyword.sysdigsecure_full_notm}} instance. Users have full permissions to see all the data in the web UI.
{: #getting-started-step2}
To add monitoring features with {{site.data.keyword.sysdigsecure_full_notm}} in the {{site.data.keyword.cloud_notm}}, you must provision an instance of the {{site.data.keyword.sysdigsecure_full_notm}} service.
Instances are provisioned in the context of a resource group. A resource group organizes your services for access control and billing purposes. You can provision the {{site.data.keyword.sysdigsecure_full_notm}} instance in the default resource group or in a custom resource group.
To provision an instance through the {{site.data.keyword.cloud_notm}} UI, complete the following steps:
-
Log in to your {{site.data.keyword.cloud_notm}} account.
Open the {{site.data.keyword.cloud_notm}} dashboard{: external}.
After you log in with your user ID and password, the {{site.data.keyword.cloud_notm}} UI opens.
-
Click Catalog. The list of the services that are available in {{site.data.keyword.cloud_notm}} opens.
-
To filter the list of services that is displayed, select the Security category.
-
Click the {{site.data.keyword.sysdigsecure_full_notm}} tile.
-
Select the location.
-
Select a service plan.
For more information about the service plans, see Service plans.
-
Enter a service name.
-
Select a resource group. By default, the Default resource group is set.
-
Click Create to provision an instance.
The service UI opens.
To provision an instance through the CLI, see Provisioning a Monitoring instance through the {{site.data.keyword.cloud_notm}} CLI. {: tip}
{: #getting-started-secure-step3}
After you provision an instance of the {{site.data.keyword.sysdigsecure_full_notm}} service in the {{site.data.keyword.cloud_notm}}, you can deploy the agent on your cluster. The agent collects data that you can use for intrusion detection, posture management, vulnerability scanning, and incident response capabilities.
{: caption="Agents that can be configured to provide data to {{site.data.keyword.sysdigsecure_full_notm}}" caption-side="bottom"}
Choose 1 of the following options:
- Configure an agent for Kubernetes.
- Configure an agent for {{site.data.keyword.redhat_openshift_notm}}.
{: #getting-started-step4}
After you provision an instance of the {{site.data.keyword.sysdigsecure_full_notm}} service, and configure a monitoring agent for your node, you can view, monitor, and manage data through the service's web UI.
You launch the web UI within the context of the {{site.data.keyword.sysdigsecure_full_notm}} instance, from the {{site.data.keyword.cloud_notm}} UI.
Complete the following steps to launch the monitoring UI:
-
Log in to your {{site.data.keyword.cloud_notm}} account.
Click {{site.data.keyword.cloud_notm}} dashboard{: external} to launch the {{site.data.keyword.cloud_notm}} dashboard.
After you log in with your user ID and password, the {{site.data.keyword.cloud_notm}} Dashboard opens.
-
In the navigation menu, select Resource List.
-
Select Security.
The list of instances that are available on {{site.data.keyword.cloud_notm}} is displayed.
-
Select one instance. Then, click Open dashboard.
The Web UI opens.
{: #getting-started-secure-step5}
See the following table for tasks that you can run to secure your environment:
| Action | Description |
|---|---|
| Integrate scanning into your CI/CD Pipeline{: external} | You can integrate scanning into your CI/CD Pipeline to analyze images that are available on the CI/CD worker nodes. |
| Configure a notification channel | You can configure a notification channel to get notified about events, anomalies, or security incidents that require attention. |
| Scan container images | You can scan container images for vulnerabilities, and other violations. |
| Configure a rule | You can create a Detection Rule to detect and respond to anomalous runtime activity. \n You can create a rule to specify which image versions can be used. |
| Review your Compliance results{: external} | The Compliance module relies on persisting the resources in an inventory; this enhanced resource visibility and full-context prioritization drives remediation and resolution of violations. |
| {: caption="Tasks to secure your environment" caption-side="bottom"} |
{: #getting-started-secure-next-step}
To get the most out of {{site.data.keyword.sysdigsecure_short}}, connect your instance to {{site.data.keyword.compliance_short}}. By creating a connection, you can view all of the compliance results that are returned by {{site.data.keyword.sysdigsecure_short}}, but you can validate and view your I{{site.data.keyword.cloud_notm}} results all in the same place. For more information, check out Connecting Workload Protection.