Overview
The Sysdig MCP Server is an implementation of the Model Context Protocol (MCP) that enables AI agents like Claude, Amazon Q, and Cursor to query information directly from the Sysdig Secure platform. Security and DevOps teams can use natural language to investigate runtime security events, analyze process trees for forensic analysis, monitor Kubernetes clusters and workloads, and identify resource utilization anomalies across their cloud-native infrastructure.
Highlights
- Query runtime security events, investigate threats, and retrieve any other relevant information for forensic analysis using natural language with any LLM.
- Complete visibility into your inventory of Kubernetes clusters, workloads, and container health metrics, including CPU/memory consumption, network errors, and pod restart counts.
Details
Pricing
Vendor refund policy
This solution is provided free of charge. As there are no fees associated with this product, refunds are not applicable.
Delivery details
Sysdig MCP server
- Amazon Bedrock AgentCore
Container image
Containers are lightweight, portable execution environments that wrap server application software in a filesystem that includes everything it needs to run. Container applications run on supported container runtimes and orchestration services, such as Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). Both eliminate the need for you to install and operate your own container orchestration software by managing and scheduling containers on a scalable cluster of virtual machines.
Version release notes
You can review the full details for this release here: https://github.com/sysdiglabs/sysdig-mcp-server/releases/tag/v1.0.6
Additional details
Usage instructions
If you don't have a Sysdig Secure account, contact us here: https://www.sysdig.com/contact-us
Then gather your API_TOKEN from your Sysdig Secure account. More details are available here: https://github.com/sysdiglabs/sysdig-mcp-server?tab=readme-ov-file#configuration
For the Sysdig MCP server to access Sysdig Secure data, you need to configure specific environment variables for your AgentCore agent:
- SYSDIG_MCP_API_TOKEN=<SYSDIG-SECURE-TOKEN>
- SYSDIG_MCP_API_HOST=<SYSDIG-SECURE-INSTANCE> (e.g., https://us2.app.sysdig.com)
Note: The Sysdig MCP server requires internet connectivity to communicate with Sysdig Secure's backend.
The following is an example of how to create it through the AWS CLI. Make sure you replace the placeholders in every command with the correct values:
1 - Create the MCP server (the environment variables mentioned previously must already be configured).
aws bedrock-agentcore-control create-agent-runtime --region <YOUR_REGION> \
  --agent-runtime-name "sysdig_mcp_server" --description "Sysdig MCP Server" \
  --role-arn "<YOUR_AgentCore_Runtime_Service_ARN>" \
  --agent-runtime-artifact containerConfiguration={containerUri=709825985650.dkr.ecr.us-east-1.amazonaws.com/sysdig/sysdig-mcp-server:v1.0.6} \
  --protocol-configuration serverProtocol=MCP \
  --network-configuration networkMode=PUBLIC \
  --environment-variables SYSDIG_MCP_API_HOST="${SYSDIG_MCP_API_HOST}",SYSDIG_MCP_API_TOKEN="${SYSDIG_MCP_API_TOKEN}"
Note: Copy the agentRuntimeArn as it will be needed for the next steps.
2 - List the agent runtimes to confirm that the agent is running and working as expected.
- Here you can gather the "agentRuntimeArn" value to be used later in step 3
aws bedrock-agentcore-control list-agent-runtimes
If you haven't done it already, use the previous command to gather the "agentRuntimeArn" value from the resource previously created.
3 - Verify the MCP is working by listing the available tools:
It is recommended to use a tool like 'jq' to parse the JSON output of the last command.
AGENT_ARN="<agentRuntimeArn value from step 1 or 2>"
PAYLOAD_BASE64=$(echo -n '{"jsonrpc": "2.0", "id": 1, "method": "tools/list", "params": {}}' | base64)
aws bedrock-agentcore invoke-agent-runtime \
  --agent-runtime-arn "${AGENT_ARN}" \
  --payload "${PAYLOAD_BASE64}" \
  --content-type "application/json" \
  --accept "application/json, text/event-stream" \
  --qualifier "DEFAULT" output.json && cat output.json | jq .
The output will contain information for all the tools available within the MCP.
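To review exactly which tools the deployed server exposes to an agent, the response saved by step 3 can be parsed as follows. This is an added example, not part of the Sysdig listing or the project's code; it assumes output.json holds the raw response body, which the Accept header in step 3 allows to be either plain JSON or event-stream framed, and the tool names in the samples are constructed placeholders.

```python
import json
import sys

def parse_mcp_response(raw: str) -> dict:
    """Return the JSON-RPC response from a plain-JSON or SSE-framed body."""
    text = raw.strip().replace("\r\n", "\n")
    if text.startswith("{"):
        return json.loads(text)
    # text/event-stream: events are separated by a blank line and the payload
    # of one event is its "data:" lines joined with "\n".
    for event in text.split("\n\n"):
        data = [ln[5:].removeprefix(" ") for ln in event.split("\n")
                if ln.startswith("data:")]
        if data:
            msg = json.loads("\n".join(data))
            if "result" in msg or "error" in msg:
                return msg
    raise ValueError("no JSON-RPC response found in body")

def list_tools(raw: str, request_id: int = 1) -> list[tuple[str, str]]:
    """Return sorted (name, description) pairs from a tools/list response."""
    msg = parse_mcp_response(raw)
    if msg.get("jsonrpc") != "2.0" or msg.get("id") != request_id:
        raise ValueError("response does not match the request that was sent")
    if "error" in msg:  # e.g. the server rejected the call
        err = msg["error"]
        raise RuntimeError(f"MCP error {err.get('code')}: {err.get('message')}")
    return sorted((t["name"], t.get("description", ""))
                  for t in msg["result"]["tools"])

# Constructed samples; the tool names are placeholders, not Sysdig's real tools.
SAMPLE_JSON = json.dumps({"jsonrpc": "2.0", "id": 1, "result": {"tools": [
    {"name": "example_tool_b", "description": "second placeholder"},
    {"name": "example_tool_a", "description": "first placeholder"}]}})
SAMPLE_SSE = "event: message\ndata: " + SAMPLE_JSON + "\n\n"
SAMPLE_ERROR = json.dumps({"jsonrpc": "2.0", "id": 1,
                           "error": {"code": -32603, "message": "internal error"}})

if __name__ == "__main__":
    # Pass the path to output.json from step 3, or run with no arguments
    # to see the constructed sample.
    body = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SSE
    for name, desc in list_tools(body):
        print(f"{name}: {desc}")
```

Keeping the sorted tool list from a known-good deployment makes it easy to diff after each image upgrade and spot tools that were added or removed.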
Support
Vendor support
If you encounter any problems, please feel free to open an issue here: https://github.com/sysdiglabs/sysdig-mcp-server
Also you can contact us at support@sysdig.com for any other issues.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.