I don’t know much about Sysdig, but it does not sound like a good idea to put something like this in dom0. Also can it be used with Xen? If not, it won’t work.
I’ll have a play and a read. I don’t fully grasp Xen let alone Xen vs Dom. If you don’t mind me asking, what is the rational for this being a bad idea on dom0?
In general you do not want to install much if anything extra in dom0. If one manages to break into dom0, they get access to everything. This looks like a complicated tool that analyzes what is going on in all containers, so it probably significantly increases the attack surface. If you want to use something like SysDig, you should probably run it in a different VM that would only have access to a subset of other VMs.
Qubes is based on Xen and from a brief look, this seemed like a tool for other virtualization solutions that use containers.