
    Sysdig MCP server

    Sold by: Sysdig 
    Deployed on AWS
    The Sysdig MCP Server enables AI agents to query and analyze cloud security data from Sysdig Secure through the Model Context Protocol, providing real-time access to runtime events, Kubernetes insights, cloud inventory, container metrics, etc.
    4.8

    Overview

    The Sysdig MCP Server is an implementation of the Model Context Protocol (MCP) that enables AI agents like Claude, Amazon Q, and Cursor to query information directly from the Sysdig Secure platform. Security and DevOps teams can use natural language to investigate runtime security events, analyze process trees for forensic analysis, monitor Kubernetes clusters and workloads, and identify resource utilization anomalies across their cloud-native infrastructure.

    Highlights

    • Query runtime security events, investigate threats, and retrieve any other relevant information for forensic analysis using natural language with any LLM.
    • Complete visibility into your inventory, Kubernetes clusters, workloads, and container health metrics, including CPU/memory consumption, network errors, and pod restart counts.

    Details

    Delivery option
    Sysdig MCP server

    Latest version

    Operating system
    Linux

    Deployed on AWS
    Pricing

    Sysdig MCP server

    Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Vendor refund policy

    This solution is provided free of charge. As there are no fees associated with this product, refunds are not applicable.


    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    Sysdig MCP server

    Supported services:
    • Amazon Bedrock AgentCore
    Container image

    Containers are lightweight, portable execution environments that wrap server application software in a filesystem that includes everything it needs to run. Container applications run on supported container runtimes and orchestration services, such as Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). Both eliminate the need for you to install and operate your own container orchestration software by managing and scheduling containers on a scalable cluster of virtual machines.

    Version release notes

    You can review the full details for this release here: https://github.com/sysdiglabs/sysdig-mcp-server/releases/tag/v1.0.6 

    Additional details

    Usage instructions

    If you don't have a Sysdig Secure account, contact us here: https://www.sysdig.com/contact-us 

    Then gather your API_TOKEN from your Sysdig Secure account. More details are available here: https://github.com/sysdiglabs/sysdig-mcp-server?tab=readme-ov-file#configuration

    For the Sysdig MCP server to access Sysdig Secure data, you need to configure specific environment variables for your AgentCore agent (SYSDIG_MCP_API_HOST and SYSDIG_MCP_API_TOKEN, as passed in step 1 below).

    Note: The Sysdig MCP server requires internet connectivity to communicate with Sysdig Secure's backend.

    This is an example of how to create it through the AWS CLI. Make sure you replace the placeholders in every command:

    1 - Create the MCP server (the environment variables mentioned previously must already be set in your shell).

    aws bedrock-agentcore-control create-agent-runtime --region <YOUR_REGION> \
      --agent-runtime-name "sysdig_mcp_server" --description "Sysdig MCP Server" \
      --role-arn "<YOUR_AgentCore_Runtime_Service_ARN>" \
      --agent-runtime-artifact containerConfiguration={containerUri=709825985650.dkr.ecr.us-east-1.amazonaws.com/sysdig/sysdig-mcp-server:v1.0.6} \
      --protocol-configuration serverProtocol=MCP \
      --network-configuration networkMode=PUBLIC \
      --environment-variables SYSDIG_MCP_API_HOST="${SYSDIG_MCP_API_HOST}",SYSDIG_MCP_API_TOKEN="${SYSDIG_MCP_API_TOKEN}"

    Note: Copy the agentRuntimeArn as it will be needed for the next steps.

    2 - List the agent runtimes to confirm that the agent is running and working as expected.

    • Here you can gather the "agentRuntimeArn" value to be used later in step 3

    aws bedrock-agentcore-control list-agent-runtimes

    If you haven't done it already, use the previous command to gather the "agentRuntimeArn" value from the resource previously created.

    3 - Verify the MCP is working by listing the available tools:

    It is recommended to use a tool like 'jq' to parse the JSON output of the last command.

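    # agentRuntimeArn value gathered in step 1 or 2
    AGENT_ARN="<YOUR_agentRuntimeArn>"

    # Base64-encode the JSON-RPC tools/list request; tr strips any line wrapping added by base64
    PAYLOAD_BASE64=$(echo -n '{"jsonrpc": "2.0", "id": 1, "method": "tools/list", "params": {}}' | base64 | tr -d '\n')

    aws bedrock-agentcore invoke-agent-runtime \
      --agent-runtime-arn "${AGENT_ARN}" \
      --payload "${PAYLOAD_BASE64}" \
      --content-type "application/json" \
      --accept "application/json, text/event-stream" \
      --qualifier "DEFAULT" output.json && jq . output.json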

    The output will contain information for all the tools available within the MCP.
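
Because step 3 accepts both application/json and text/event-stream, output.json may hold either a plain JSON-RPC reply or an SSE-framed one. The following added example (not part of the vendor's instructions) parses both forms and compares the exposed tool names with an allowlist you have reviewed; the sample reply, tool names and allowlist are constructed placeholders, and the result.tools[].name layout is the standard MCP tools/list result.

```python
import json

# Constructed sample of an SSE-framed tools/list reply; tool names are hypothetical.
SAMPLE_SSE = (
    "event: message\n"
    'data: {"jsonrpc":"2.0","id":1,"result":{"tools":['
    '{"name":"example_list_events","description":"constructed"},'
    '{"name":"example_run_query","description":"constructed"}]}}\n\n'
)
# Hypothetical allowlist of tools the team has reviewed and approved.
APPROVED = {"example_list_events", "example_get_process_tree"}


def parse_mcp_response(raw, request_id=1):
    """Return the JSON-RPC reply from a plain-JSON or SSE-framed body."""
    text = raw.strip()
    if text.startswith("{"):
        return json.loads(text)
    # SSE: events are separated by blank lines; the payload sits on data: lines.
    for event in text.replace("\r\n", "\n").split("\n\n"):
        data = "\n".join(line[5:].lstrip() for line in event.split("\n")
                         if line.startswith("data:"))
        if data:
            message = json.loads(data)
            if message.get("id") == request_id:
                return message
    raise ValueError("no JSON-RPC reply found for the request id")


def tool_names(message):
    """Extract sorted tool names, failing loudly on a JSON-RPC error."""
    if "error" in message:
        raise RuntimeError(f"MCP server returned an error: {message['error']}")
    return sorted(tool["name"] for tool in message["result"]["tools"])


def diff_against_allowlist(names, approved):
    """Report tools that are exposed but unreviewed, and approved but absent."""
    exposed = set(names)
    return {"unexpected": sorted(exposed - approved),
            "missing": sorted(approved - exposed)}


if __name__ == "__main__":
    import sys
    # Pass output.json as the first argument; falls back to the constructed sample.
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SSE
    report = diff_against_allowlist(tool_names(parse_mcp_response(raw)), APPROVED)
    print(json.dumps(report, indent=2))
```

Re-running the check after changing the image tag shows whether a new release exposes tools that have not yet been reviewed.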

    Support

    Vendor support

    If you encounter any problems, please feel free to open an issue here: https://github.com/sysdiglabs/sysdig-mcp-server 

    Also, you can contact us at support@sysdig.com for any other issues.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Customer reviews

    Ratings and reviews

    4.8 (111 ratings)
    5 star: 89%
    4 star: 10%
    3 star: 1%
    2 star: 0%
    1 star: 0%
    0 AWS reviews | 111 external reviews
    External reviews are from G2.
    Syed Shahid A.

    Excellent Real-Time Kubernetes Security Visibility and Threat Detection

    Reviewed on Apr 29, 2026
    Review provided by G2
    What do you like best about the product?
    Sysdig Secure provides excellent real-time visibility into cloud-native and containerized environments, especially for Kubernetes workloads. Its runtime threat detection, vulnerability management, and compliance monitoring are highly effective for identifying and prioritizing real security risks.
    What do you dislike about the product?
    While Sysdig Secure offers strong cloud-native security capabilities, the initial setup and configuration can be complex, especially for teams new to Kubernetes or container security.
    What problems is the product solving and how is that benefiting you?
    Sysdig Secure helps solve the challenge of securing cloud-native environments, especially Kubernetes and containerized workloads, by providing real-time runtime threat detection, vulnerability management, and compliance monitoring in a single platform.
    sahil p.

    Secure your container with sysdig secure

    Reviewed on Sep 16, 2025
    Review provided by G2
    What do you like best about the product?
    The UI is very impressive and the correlation of Sysdig's Secure CNAPP is very good.
    What do you dislike about the product?
    Nothing to dislike so far; we liked the product.
    What problems is the product solving and how is that benefiting you?
    We are unable to look through the malware or the vulnerabilities in our container with traditional EDR and vulnerability scanners. Sysdig has solved that.
    Kapil S.

    Enhancing Cloud Security with Real-time Threat Detection

    Reviewed on Sep 08, 2025
    Review provided by G2
    What do you like best about the product?
    Real-time visibility into cloud-native environments with robust runtime threat detection & prevention for containers and Kubernetes.
    What do you dislike about the product?
    A good level of knowledge is required to deploy and integrate with the current setup.
    What problems is the product solving and how is that benefiting you?
    Providing container and Kubernetes security, runtime threat detection, vulnerability management, and compliance enforcement. The support and solution provided by the India SE Lead is highly appreciated. The combination of Sysdig and team knowledge is excellent.
    Prasanna G.

    Robust Security Insights with Clear Visualizations

    Reviewed on May 26, 2025
    Review provided by G2
    What do you like best about the product?
    Sysdig Secure offers comprehensive visibility into container and Kubernetes security. I particularly appreciate its real-time threat detection and intuitive dashboards, which make complex security data more digestible—even for documentation and communication purposes. The integration with CI/CD pipelines and Kubernetes environments is seamless, helping teams maintain a secure DevOps workflow.
    What do you dislike about the product?
    While Sysdig Secure is feature-rich, the initial learning curve can be a bit steep for new users, especially those outside traditional DevSecOps roles. Some configuration options could be more user-friendly, and documentation sometimes lags behind new feature releases.
    What problems is the product solving and how is that benefiting you?
    Sysdig Secure addresses key challenges in container and Kubernetes security by providing deep visibility, runtime threat detection, and compliance enforcement. In my role as a Tech Writer, it helps me understand and document complex security workflows with clarity. The platform’s detailed security event data, visual insights, and audit trails make it easier to create accurate, user-friendly content. This not only supports internal teams but also enhances the quality of documentation for end users, improving knowledge transfer and reducing security misconfigurations.
    Information Technology and Services

    Efficient security platform

    Reviewed on May 21, 2025
    Review provided by G2
    What do you like best about the product?
    It offers seamless integration with Docker and Kubernetes. We can use it for real-time threat detection.
    What do you dislike about the product?
    Even though it is very powerful and useful, the initial setup is too complex.
    What problems is the product solving and how is that benefiting you?
    It addresses many critical challenges of container security and compliance. We use it for real-time threat detection.