

Correlating security signals from cloud services, container registries, and runtime environments is an important component of maintaining secure cloud deployments. But making this a seamless process, without the need for complex, manual integrations, is often challenging.
Traditional workflow automations typically involve defining behavior programmatically or building step-by-step processes with decision trees. Currently, automation platforms are used to connect critical apps, but this often results in a web of rules and routines that don’t keep up with an ecosystem that is constantly changing.
To help you with deployments on AWS that take advantage of AI and automation for signal correlation, we are thrilled to announce that the Sysdig Model Context Protocol (MCP) Server is officially available in the AWS Marketplace. As part of the new "AI Agents and Tools" category, Sysdig is making it easier than ever for you to bridge the gap between your security data and AI-powered workflows.
Frictionless MCP server deployment via Amazon Bedrock
The most exciting part of this launch is how it integrates with the Amazon Bedrock AgentCore Runtime. Because the Sysdig MCP server is hosted and available via the AWS Marketplace, deployment takes just a few steps.
With the Sysdig MCP server and Amazon Bedrock AgentCore Runtime, you gain:
- Fast deployment: Spin up the Sysdig MCP server directly within an AWS environment in minutes.
- Seamless integration: Connect the Sysdig MCP server to Amazon Bedrock Agents to provide a "security-aware" brain for custom LLMs.
- Unified governance: Manage the subscription and permissions through familiar AWS billing and IAM roles.
How Sysdig MCP Server revolutionizes the security workflow
By bringing Sysdig’s deep runtime insights into the MCP ecosystem, this integration provides SecOps teams with the speed, scale, and AI-enhanced automation they need to defend their cloud estate.

Sysdig’s MCP server is an open, pre-built Docker image that provides data from Sysdig’s cloud native application protection platform (CNAPP). With it, external LLMs and AI agents can access Sysdig security insights via a standard interface rather than through custom integrations. Example use cases include:
Automated remediation with human oversight
We believe in the "human-in-the-loop" model. The Sysdig MCP server allows AI agents to draft remediation scripts, such as updating a Runtime policy or modifying a Kubernetes Network Policy, based on real-time threat data. These suggestions are then presented to a human operator for final approval, drastically reducing mean time to respond (MTTR) while ensuring that the action is appropriate and aligns with your internal policies.

Natural language forensics
Traditionally, security teams were often forced to learn a different query language for each tool, or to craft queries that could correlate data from disparate dashboards during an investigation. This workflow wasted time and effort.
With this integration, instead of navigating complex dashboards during an incident, an analyst can ask a Bedrock-powered AI agent: "Show me all suspicious activity in the 'payments' namespace over the last hour." The agent uses the MCP server to query Sysdig’s activity logs and presents a summarized timeline of the event.

Predictive posture management
Shifting left is no longer a future state for organizations; it’s table stakes. This integration enables you to introduce security-aware AI into your existing CI/CD pipelines, which helps ensure that what goes into production meets your standards. Agents can automatically review pull requests or infrastructure-as-code (IaC) templates, using Sysdig’s real-time data to predict potential security regressions before they are deployed. This added layer of baked-in review helps eliminate risks without adding complexity or slowing down timelines.

Empowering SecOps teams with AI-driven context
The availability of the Sysdig MCP server in the AWS Marketplace simplifies how security teams leverage Generative AI. By providing a standardized way to connect Sysdig’s deep runtime insights with Amazon Bedrock, organizations can move past "chatting with data" and start building autonomous, context-aware security workflows.
Benefits of integrating the Sysdig MCP server into your AWS environment include:
- Accelerated AI adoption: Deploy the Sysdig MCP server in minutes within the Amazon Bedrock AgentCore Runtime. This eliminates the need for custom "glue code," allowing you to point your AI agents directly at your security data via a native AWS experience.
- Real-time runtime context: Give your AI agents the "eyes" they need. By bridging the gap between static vulnerability lists and live runtime reality, your agents can prioritize risks based on what is actually happening in your clusters right now.
- Unified agentic workflows: Combine Sysdig security context with other MCP servers (AWS API, documentation, cost analysis) in a single agent session. Investigate a runtime alert, check the affected workload's configuration, and review IAM permissions, all through one conversational interface.
Conclusion
The availability of the Sysdig MCP Server in the AWS Marketplace simplifies integration with Amazon Bedrock AgentCore Runtime and helps you connect your security data with AI-powered workflows. Providing real-time runtime context to your AI agents accelerates AI adoption and enables AI-assisted remediation with human oversight.

Ready to leverage these capabilities? Empower your AI agents with real-time security context by finding Sysdig in the AWS Marketplace AI Agents and Tools Category.
