Sysdig: Forensics and Incident Response


Conducting forensics and incident response for containers and Kubernetes helps you better understand security breaches, meet compliance requirements, and recover quickly. However, platform and security practitioners face several challenges with incident response:

  • Something happened to my container and now it is no longer running. How do I know what happened?
  • It takes too much time sifting through logs to find out what’s happened post-incident.
  • I don’t have the right data to tell me what services/systems are impacted by an event.

To address these challenges and more, join us on Tuesday, December 14th for a 45-minute learning session covering forensics and incident response best practices.

Gary Hutchins, Solution Architect, Sysdig
Jason Clark, Senior Sales Engineer, Sysdig


  1. How containers change incident response and forensics
  2. Streamlined IR is even more important with containerized workloads
  3. Why log analytics are not enough anymore
  4. 5-minute mini sessions:
       • Falco
       • ServiceVision with Metadata Context
       • Audit
       • Forensics
  5. 10 min Q&A