Skip to content

Updating Sysdig Classifier, Incident fields and Layout #40690

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

Updating Sysdig Classifier, Incident fields and Layout #40690

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
bd06ce3
feat Updating Classifier, Incident fields and Layout
S3B4SZ17 Jul 22, 2025
f04dfe3
Updated the overall docs and release notes for version 1.0.1
S3B4SZ17 Jul 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion Packs/Sysdig/.pack-ignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,7 @@
[file:README.md]
ignore=RM108
ignore=RM108

[known_words]
Mappers
Mapper
Runtime
207 changes: 158 additions & 49 deletions Packs/Sysdig/Classifiers/classifier-Sysdig_Mapper_Webhook.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,51 +1,160 @@
{
"description": "Maps Sysdig Runtime Event fields for use in Integration Playbooks.",
"id": "Sysdig Mapper Runtime Event",
"mapping": {
"Sysdig Runtime Event": {
"dontMapEventToLabels": true,
"internalMapping": {
"Sysdig Container ID": {
"complex": {
"filters": [],
"root": "containerId",
"transformers": []
}
},
"Source Hostname": {
"complex": {
"accessor": "host\\.hostName",
"filters": [],
"root": "labels",
"transformers": []
}
},
"MAC Address": {
"complex": {
"filters": [],
"root": "machineId",
"transformers": []
}
},
"Sysdig Agent ID": {
"complex": {
"filters": [],
"root": "agentId",
"transformers": []
}
},
"Sysdig Customer ID": {
"complex": {
"filters": [],
"root": "customerId",
"transformers": []
}
}
}
}
},
"name": "Sysdig Mapper Runtime Event",
"type": "mapping-incoming",
"version": -1,
"fromVersion": "6.0.0"
"description": "Maps Sysdig Runtime Event fields for use in Integration Playbooks.",
"id": "Sysdig Mapper Runtime Event",
"mapping": {
"Sysdig Runtime Event": {
"dontMapEventToLabels": false,
"internalMapping": {
"Sysdig Agent Version": {
"complex": {
"filters": [],
"root": "labels",
"transformers": [
{
"args": {
"field": {
"isContext": false,
"value": {
"simple": "agent.version"
}
}
},
"operator": "getField"
}
]
}
},
"Sysdig Event ID": {
"complex": {
"filters": null,
"root": "id",
"transformers": null
}
},
"Command Line": {
"complex": {
"accessor": "fields.proc\\.cmdline",
"filters": null,
"root": "content",
"transformers": null
}
},
"PID": {
"complex": {
"accessor": "fields.proc\\.pid",
"filters": null,
"root": "content",
"transformers": null
}
},
"Process Name": {
"complex": {
"filters": [],
"root": "labels",
"transformers": [
{
"args": {
"field": {
"isContext": false,
"value": {
"simple": "process.name"
}
}
},
"operator": "getField"
}
]
}
},
"Sysdig Rule Name": {
"complex": {
"accessor": "ruleName",
"filters": null,
"root": "content",
"transformers": null
}
},
"Tags": {
"complex": {
"accessor": "ruleTags",
"filters": null,
"root": "content",
"transformers": null
}
},
"Sysdig Policy": {
"complex": {
"filters": null,
"root": "name",
"transformers": null
}
},
"Sysdig Container ID": {
"complex": {
"filters": [],
"root": "containerId",
"transformers": []
}
},
"Source Hostname": {
"complex": {
"filters": [],
"root": "labels",
"transformers": [
{
"args": {
"field": {
"isContext": false,
"value": {
"simple": "host.hostName"
}
}
},
"operator": "getField"
}
]
}
},
"MAC Address": {
"complex": {
"filters": [],
"root": "machineId",
"transformers": []
}
},
"Sysdig Agent ID": {
"complex": {
"filters": [],
"root": "agentId",
"transformers": []
}
},
"Sysdig Customer ID": {
"complex": {
"filters": [],
"root": "customerId",
"transformers": []
}
},
"Sysdig Severity": {
"complex": {
"filters": [],
"root": "severity",
"transformers": []
}
},
"Sysdig Category": {
"complex": {
"filters": [],
"root": "category",
"transformers": []
}
}
}
}
},
"name": "Sysdig Mapper Runtime Event",
"type": "mapping-incoming",
"version": -1,
"fromVersion": "6.0.0"
}
2 changes: 1 addition & 1 deletion Packs/Sysdig/IncidentFields/incidentfield-Sysdig_agent_id.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
"ownerOnly": false,
"description": "The Sysdig Agent ID",
"cliName": "sysdigagentid",
"type": "shortText",
"type": "number",
"closeForm": false,
"editForm": true,
"required": false,
Expand Down
28 changes: 28 additions & 0 deletions Packs/Sysdig/IncidentFields/incidentfield-Sysdig_agent_version.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
{
"id": "incident_sysdigagentversion",
"version": -1,
"name": "Sysdig Agent Version",
"ownerOnly": false,
"description": "The Sysdig Agent Version",
"cliName": "sysdigagentversion",
"type": "shortText",
"closeForm": false,
"editForm": true,
"required": false,
"neverSetAsRequired": false,
"isReadOnly": false,
"useAsKpi": false,
"locked": false,
"system": false,
"content": true,
"group": 0,
"hidden": false,
"associatedTypes": [
"Sysdig Runtime Event"
],
"associatedToAll": false,
"unmapped": false,
"unsearchable": true,
"caseInsensitive": true,
"fromVersion": "6.0.0"
}
29 changes: 29 additions & 0 deletions Packs/Sysdig/IncidentFields/incidentfield-Sysdig_category.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
{
"id": "incident_sysdigcategory",
"version": -1,
"modified": "2025-02-26T15:27:26.26216777Z",
"name": "Sysdig Category",
"ownerOnly": false,
"description": "The Sysdig Category",
"cliName": "sysdigcategory",
"type": "shortText",
"closeForm": false,
"editForm": true,
"required": false,
"neverSetAsRequired": false,
"isReadOnly": false,
"useAsKpi": false,
"locked": false,
"system": false,
"content": true,
"group": 0,
"hidden": false,
"associatedTypes": [
"Sysdig Runtime Event"
],
"associatedToAll": false,
"unmapped": false,
"unsearchable": true,
"caseInsensitive": true,
"fromVersion": "6.0.0"
}
2 changes: 1 addition & 1 deletion Packs/Sysdig/IncidentFields/incidentfield-Sysdig_customer_id.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
"ownerOnly": false,
"description": "The Sysdig Customer ID",
"cliName": "sysdigcustomerid",
"type": "shortText",
"type": "number",
"closeForm": false,
"editForm": true,
"required": false,
Expand Down
28 changes: 28 additions & 0 deletions Packs/Sysdig/IncidentFields/incidentfield-Sysdig_event_id.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
{
"id": "incident_sysdigeventid",
"version": -1,
"name": "Sysdig Event ID",
"ownerOnly": false,
"description": "The Sysdig Event ID",
"cliName": "sysdigeventid",
"type": "shortText",
"closeForm": false,
"editForm": true,
"required": false,
"neverSetAsRequired": false,
"isReadOnly": false,
"useAsKpi": false,
"locked": false,
"system": false,
"content": true,
"group": 0,
"hidden": false,
"associatedTypes": [
"Sysdig Runtime Event"
],
"associatedToAll": false,
"unmapped": false,
"unsearchable": true,
"caseInsensitive": true,
"fromVersion": "6.0.0"
}
28 changes: 28 additions & 0 deletions Packs/Sysdig/IncidentFields/incidentfield-Sysdig_policy.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
{
"id": "incident_sysdigpolicy",
"version": -1,
"name": "Sysdig Policy",
"ownerOnly": false,
"description": "The Sysdig Policy",
"cliName": "sysdigpolicy",
"type": "shortText",
"closeForm": false,
"editForm": true,
"required": false,
"neverSetAsRequired": false,
"isReadOnly": false,
"useAsKpi": false,
"locked": false,
"system": false,
"content": true,
"group": 0,
"hidden": false,
"associatedTypes": [
"Sysdig Runtime Event"
],
"associatedToAll": false,
"unmapped": false,
"unsearchable": true,
"caseInsensitive": true,
"fromVersion": "6.0.0"
}
28 changes: 28 additions & 0 deletions Packs/Sysdig/IncidentFields/incidentfield-Sysdig_rule_name.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
{
"id": "incident_sysdigrulename",
"version": -1,
"name": "Sysdig Rule Name",
"ownerOnly": false,
"description": "The Sysdig Rule Name",
"cliName": "sysdigrulename",
"type": "shortText",
"closeForm": false,
"editForm": true,
"required": false,
"neverSetAsRequired": false,
"isReadOnly": false,
"useAsKpi": false,
"locked": false,
"system": false,
"content": true,
"group": 0,
"hidden": false,
"associatedTypes": [
"Sysdig Runtime Event"
],
"associatedToAll": false,
"unmapped": false,
"unsearchable": true,
"caseInsensitive": true,
"fromVersion": "6.0.0"
}
Loading
Loading