How to use Sysdig OSS
Blog post from Sysdig
Sysdig Inspect is an open-source tool for container troubleshooting and security investigation. It is the forensic complement to Falco's real-time threat detection: Falco raises an alert while the activity is happening, and a Sysdig capture lets you go back and see everything that happened around it.

The open-source sysdig CLI records system call activity on a Linux host into .scap capture files, much as tcpdump records packets into a pcap for Wireshark; each event carries its process, thread, file descriptor and container context. Sysdig Inspect is the graphical front end for those captures, and the same files can be read back on the command line with filters and chisels (sysdig's bundled analysis scripts). Either way you get a complete record of what containers, applications and the host did, which lets Digital Forensics and Incident Response (DFIR) practitioners trace the activity leading up to a security breach or a performance problem.

Working from a capture has two practical payoffs. The exact sequence of events behind an incident is the raw material for writing and testing tighter Falco detection rules, and seeing how a workload interacts with files, sockets and other system resources exposes performance bottlenecks. Because a capture is just a file, the workflow also suits cloud-native environments: record on the host or node where the workload runs, even a resource-constrained or remote one, and analyze the capture elsewhere.
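The capture-then-investigate workflow described above, as an added shell example; it is not part of the original post and not Sysdig's own code or documentation. The flags and filter fields are real sysdig ones (-w, -M, -s, -z, -r, -pc, -c, container.name, evt.type, evt.dir, evt.is_open_write, fd.name, the spy_users chisel), but the container name web, the capture path and the 30-second limit are placeholders, and the particular read-back filters are chosen for illustration. The command builders validate the container name first, because a name interpolated unchecked into a filter expression could append extra filter terms and silently widen or narrow what is captured.

```shell
#!/bin/sh
# Added example (not Sysdig's own code or docs): record a container's
# system calls into a .scap file with the sysdig CLI, then read the
# capture back with filters and chisels.  Assumes sysdig is installed
# and run as root; "web", the path and the 30 s limit are placeholders.
set -eu

# Reject names that could smuggle extra filter terms (e.g.
# "web or evt.type=execve") into the filter expressions built below.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Build the capture command.  Real sysdig flags:
#   -w FILE   write raw events to FILE (.scap)
#   -M SECS   stop capturing after SECS seconds
#   -s BYTES  snaplen: bytes of each I/O buffer kept per event; 512 keeps
#             enough to see typed commands and small file contents
#   -z        compress the capture on disk
# The final argument is a sysdig filter limiting events to one container.
capture_cmd() {
    name=$1; secs=$2; out=$3
    valid_name "$name" || { echo "bad container name: $name" >&2; return 2; }
    case "$secs" in ''|*[!0-9]*) echo "bad duration: $secs" >&2; return 2 ;; esac
    printf 'sysdig -z -s 512 -M %s -w %s container.name=%s\n' "$secs" "$out" "$name"
}

# Build the read-back commands for a first pass over the capture:
#  1. every completed execve (evt.dir=< is the syscall return) in the
#     container, printed with -pc so container id/name appear on each line
#  2. writes to files under /etc, a common persistence/tampering location
#  3. the spy_users chisel, which reconstructs interactive shell commands
readback_cmds() {
    name=$1; cap=$2
    valid_name "$name" || return 2
    printf 'sysdig -r %s -pc "container.name=%s and evt.type=execve and evt.dir=<"\n' "$cap" "$name"
    printf 'sysdig -r %s -pc "container.name=%s and evt.type in (open, openat) and evt.is_open_write=true and fd.name startswith /etc"\n' "$cap" "$name"
    printf 'sysdig -r %s -c spy_users container.name=%s\n' "$cap" "$name"
}

# Run a built command only when sysdig is present; otherwise say what
# would have run, so the script is harmless on a workstation.
run() {
    if command -v sysdig >/dev/null 2>&1; then
        eval "$1"
    else
        echo "sysdig not found, would run: $1" >&2
        return 127
    fi
}

# Usage: ./capture.sh --run   (as root, on the host running the container)
if [ "${1:-}" = "--run" ]; then
    run "$(capture_cmd web 30 /tmp/web.scap)"
    readback_cmds web /tmp/web.scap | while IFS= read -r cmd; do run "$cmd"; done
fi
```

The capture is taken on the node where the container runs and the read-back commands can be run anywhere sysdig is installed, including a workstation, because /tmp/web.scap is an ordinary file; the same file opens in Sysdig Inspect. Keep the -M limit and the container filter in place on busy hosts, since an unfiltered capture of a whole node grows quickly.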