Auditing and logging automatically any command execution being run across your distributed environment is a must for container security best practices.

This is useful for analyzing commands related to security events, and in general audit:

• User activity and executed commands even inside containers
• Commands run by unattended processes like cronjobs or package installation scripts

Sysdig offers the first unified approach to container security, monitoring, and forensics. DevSecOps teams and platform operators using Sysdig Secure will have peace of mind around who and what is executed on their clusters.