
April 2021

How to monitor Microsoft SQL Server with Prometheus

In this article, you will learn how to monitor SQL Server with Prometheus. SQL Server is a popular database, which is very straightforward to monitor with a simple Prometheus exporter. Like all databases, SQL Server has many points of failure, such as delays in transactions or too many connections in the database. We are basing this guide on Golden Signals, a reduced set of metrics that offer a wide view of a service from a user or consumer perspective.

Exploiting and detecting CVE-2021-25735: Kubernetes validating admission webhook bypass

CVE-2021-25735, a medium-level vulnerability, has been found in the Kubernetes kube-apiserver. It could allow a Validating Admission Webhook to be bypassed, permitting unauthorised node updates. The kube-apiserver affected are: You are only affected by this vulnerability if both of the following conditions are valid: By exploiting the vulnerability, adversaries could bypass the Validating Admission Webhook checks and allow update actions on Kubernetes nodes.

Our $188M funding round fuels our mission to help customers confidently run modern cloud applications

Today, I am excited to share that we secured $188M in a new funding round, at a valuation of $1.19B (read more here). At the outset, I want to thank our employees, partners, investors and most importantly, our customers for this important milestone. The funding follows a year of unmatched innovation that led to accelerated revenue growth, installed base growth, and rapid community adoption of our open source projects.

Monitoring Ceph health with Prometheus

Monitoring Ceph with Prometheus is straightforward since Ceph already exposes an endpoint with all of its metrics for Prometheus. In this article, we will put it all together to help you start monitoring your Ceph storage cluster and guide you through all the important metrics. Ceph offers a great solution for object-based storage to manage large amounts of data even on economical hardware. Besides, the Ceph Foundation is organized as a direct fund under the Linux Foundation.

How to detect EC2 Serial Console enabled

Recently, Amazon AWS introduced a new feature, EC2 Serial Console, for instances using the Nitro System. It provides a simple and secure way to perform troubleshooting by establishing a connection to the serial port of an instance. Even though this feature is useful in break-glass situations, from a security perspective it could be used by adversaries to gain access through an unguarded secondary entrance.

What's new in Sysdig - April 2021

Welcome to another monthly update on what’s new from Sysdig. Ramadan Kareem to all observing the holy month of Ramadan. Our team continues to work hard to bring great new features to all of our customers, automatically and for free! This last month was a big month for security with our release of Cloud Security Posture Management (CSPM), and we had lots of fun designing and releasing our new Cloud Chaos game!

Mitigating CVE-2021-20291: DoS affecting CRI-O and Podman

CVE-2021-20291, a medium-level vulnerability, has been found in the containers/storage Go library, leading to Denial of Service (DoS) when vulnerable container engines pull an injected image from a registry. The container engines affected are: Any containerized infrastructure that relies on these vulnerable container engines is affected as well, including Kubernetes and OpenShift.

Top 5 key metrics for monitoring AWS RDS

Monitoring AWS RDS may require some observability strategy changes if you switched from a classic on-prem MySQL/PostgreSQL solution. AWS RDS is a great solution that helps you focus on the data, and forget about bare metal, patches, backups, etc. However, since you don’t have direct access to the machine, you’ll need to adapt your monitoring platform.

Unveil hidden malicious processes with Falco in cloud-native environments

Detecting malicious processes is already complicated in cloud-native environments, as without the proper tools they are black boxes. It becomes even more complicated if those malicious processes are hidden. Malware that uses open source tools to evade detection has been reported. The open source project used by the malware is libprocesshider, a tool created by Sysdig’s former chief architect Gianluca.

Run confidently with secure DevOps

The rapid pace of digital transformation is accelerating the shift to cloud-native applications using containers and Kubernetes to speed the pace of delivery. But application delivery is one thing. Application uptime, performance and protection are another. For cloud teams already running production, one fact is clear: monitoring and troubleshooting are only the beginning. They also need to own security and compliance for their apps. In cloud-native, DevOps is not enough. It's time for secure DevOps.