Wiz Sensor Service

• Alerts: https://alerts.gitlab.net/#/alerts?filter=%7Btype%3D%22wiz-runtime-sensor%22%2C%20tier%3D%22inf%22%7D
• Label: gitlab-com/gl-infra/production~“Service::WizSensor”

Logging

Important

The main runbook has been migrated to Internal Handbook. Please refer there for more details.

Summary

Wiz Runtime Sensor is a small ebpf (Extended Berkeley Packet Filter) agent deployed on every Kubernetes Node, meticulously monitoring system calls to pinpoint suspicious activities. It proactively identifies and alerts on behaviours that look malicious, signalling potential security threats or anomalies. The Wiz Sensor operates by leveraging a set of rules that define which system call sequences and activities are deemed abnormal or indicative of security incidents.