Connection Guide

Connect Sysdig Secure Without Breaking the Audit Trail

Use this guide to connect Sysdig Secure or confirm the export-based path that fits your environment. Aurora keeps source, timestamps, ownership, and collection history attached so the first run becomes reusable proof instead of one-off setup work.

Connector Summary
Connection type: Direct connection
Category: Cloud Security
Checklist: 4 steps

First-Run Checklist

Use this sequence to connect Sysdig Secure and make sure the first collection lands cleanly.

  1. Create a Team-Based Service Account token with one custom read-only team role containing the published `team-search.read` permission slug.
  2. Store `base_url` and `bearer_token` securely and validate schema plus one bounded SysQL query before enabling scheduled sync.
  3. Keep group-mapping and access-key metadata endpoints as optional enrichers until the tenant explicitly validates broader admin-scoped read access.
  4. Honor documented LIMIT/OFFSET paging and 429 backoff guidance; do not add write or destructive permissions.
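
The bounded query from step 2 and the paging and backoff behaviour from step 4, as an added example that is not Aurora's or Sysdig's own code. The HTTP call is abstracted behind a hypothetical `fetch_page(limit, offset)` callable, the fake transport and its rows are constructed, and reading `Retry-After` as whole seconds is an assumption.

```python
import time
from typing import Dict, List, Tuple

# Hypothetical transport signature (an assumption, not a Sysdig or Aurora API):
#   fetch_page(limit, offset) -> (http_status, response_headers, rows)
Page = Tuple[int, Dict[str, str], List[dict]]

def collect_bounded(fetch_page, page_size=2, max_rows=100, max_retries=4,
                    base_delay=1.0, sleep=time.sleep) -> List[dict]:
    """Read-only LIMIT/OFFSET collection with a hard row cap and 429 backoff."""
    rows, offset = [], 0
    while len(rows) < max_rows:
        limit = min(page_size, max_rows - len(rows))  # never ask past the cap
        for attempt in range(max_retries + 1):
            status, headers, page = fetch_page(limit, offset)
            if status != 429:
                break
            if attempt == max_retries:
                raise RuntimeError("still rate limited after retries; giving up")
            # Assumption: Retry-After, if sent, is whole seconds; else back off exponentially.
            hint = headers.get("Retry-After", "")
            sleep(float(hint) if hint.isdigit() else base_delay * 2 ** attempt)
        if status != 200:
            # 401/403 usually points at the token or team role; fail loudly, do not retry.
            raise RuntimeError(f"unexpected status {status} at offset {offset}")
        rows.extend(page)
        if len(page) < limit:  # short page means the result set is exhausted
            break
        offset += len(page)
    return rows

def make_fake_transport(total=5, throttle_on_call=2):
    """Constructed stand-in for the HTTP call: `total` rows, one 429 on call N."""
    data = [{"id": i} for i in range(total)]
    calls = {"n": 0}
    def fetch_page(limit, offset) -> Page:
        calls["n"] += 1
        if calls["n"] == throttle_on_call:
            return 429, {"Retry-After": "3"}, []
        return 200, {}, data[offset:offset + limit]
    return fetch_page

def demo():
    delays = []  # record requested sleeps instead of actually waiting
    rows = collect_bounded(make_fake_transport(), page_size=2, sleep=delays.append)
    return rows, delays

if __name__ == "__main__":
    print(demo())
```

Passing `sleep=delays.append` lets the validation run check the backoff schedule without waiting; in a scheduled sync the default `time.sleep` applies.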

Credentials and Secrets

The keys, secrets, or tokens Aurora uses to authenticate and collect proof.

bearer_token

Recommended Access

Aurora only asks for the minimum read access needed for collection and checks.

Access requirements depend on the collection mode and scope you choose.