Updates to KSPM Integration README #3964
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tinnytintin10
added
documentation
2 tasks
2 tasks
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
🤖 GitHub commentsTo re-run your PR in the CI, just comment with:
|
🌐 Coverage report
|
DaveSys911
reviewed
Aug 9, 2022
DaveSys911
approved these changes
Aug 9, 2022
Co-authored-by: David Natachanny <david.natachanny@elastic.co>
tinnytintin10
requested review from
eyalkraft,
amirbenun and
kfirpeled
and removed request for
eyalkraft
|
@amirbenun @kfirpeled @amirbenun can y'all please review for technical accuracy? thx! |
|
@tinnytintin10 Are we planning to add EKS screenshots as well as part of this PR? |
eyalkraft
approved these changes
Aug 14, 2022
There was a problem hiding this comment.
Looks good!
Merging In order to let @uri-weisman go ahed with his #3968
Will bump version in a follow up PR - #3997
4 tasks
benironside
reviewed
Aug 18, 2022
|
|
||
| ## Leader election | ||
| 1. Identify and remediate misconfigurations | ||
| 2. Understand the overall security posture of their Kubernetes clusters both- individually and holistically |
There was a problem hiding this comment.
Suggested change
| 2. Understand the overall security posture of their Kubernetes clusters both- individually and holistically | |
| 2. Understand the overall security posture of their Kubernetes clusters, both individually and holistically |
|
|
||
| Cluster level data example: List of the running pods. | ||
| Node level data example: kubelet configuration. | ||
| After this integration has been installed for the first time, the following assets will get created and made available in the Security solution UI: |
There was a problem hiding this comment.
Suggested change
| After this integration has been installed for the first time, the following assets will get created and made available in the Security solution UI: | |
| After this integration has been installed for the first time, the following assets will get created and made available in the Elastic Security UI: |
|
|
||
| | Asset | Description | | ||
| | ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| | Posture Dashboard | The posture dashboard provides an overview of the security posture of all Kubernetes clusters monitored | |
There was a problem hiding this comment.
Suggested change
| | Posture Dashboard | The posture dashboard provides an overview of the security posture of all Kubernetes clusters monitored | | |
| | Cloud Posture dashboard | The Cloud Posture dashboard provides an overview of the security posture of all monitored Kubernetes clusters | |
| | Asset | Description | | ||
| | ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| | Posture Dashboard | The posture dashboard provides an overview of the security posture of all Kubernetes clusters monitored | | ||
| | Findings | Findings communicate the outcome of a specific resource being evaluated with a specific rule. All latest findings are viewable on the findings page | |
There was a problem hiding this comment.
Suggested change
| | Findings | Findings communicate the outcome of a specific resource being evaluated with a specific rule. All latest findings are viewable on the findings page | | |
| | Findings | Findings communicate whether resources are compliant with applicable rules. Current findings are viewable on the Findings page | |
| | ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| | Posture Dashboard | The posture dashboard provides an overview of the security posture of all Kubernetes clusters monitored | | ||
| | Findings | Findings communicate the outcome of a specific resource being evaluated with a specific rule. All latest findings are viewable on the findings page | | ||
| | Benchmark Rules | Benchmark rules are used to assess Kubernetes resources for secure configuration. Benchmark rules are viewable on the Benchmark page | |
There was a problem hiding this comment.
Suggested change
| | Benchmark Rules | Benchmark rules are used to assess Kubernetes resources for secure configuration. Benchmark rules are viewable on the Benchmark page | | |
| | Benchmark Rules | Benchmark rules are used to assess Kubernetes resources for secure configuration. Benchmark rules are viewable on the Benchmarks page | |
|
|
||
| CIS Kubernetes Benchmark integration is shipped including default dashboards and screens to manage the benchmark rules and inspect the compliance score and findings. | ||
| This integration requires access to node files, node processes, and the Kubernetes api-server therefore it assumes the agent will be installed as a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) with the proper [Roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole) and [RoleBindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) attached. |
There was a problem hiding this comment.
Suggested change
| This integration requires access to node files, node processes, and the Kubernetes api-server therefore it assumes the agent will be installed as a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) with the proper [Roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole) and [RoleBindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) attached. | |
| This integration requires access to node files, node processes, and the Kubernetes api-server. Therefore it assumes the agent will be installed as a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) with the proper [Roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole) and [RoleBindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) attached. |
|
|
||
| ## Leader election | ||
|
|
||
| To collect cluster level data (compared to node level information) the integration makes use of the [leader election](https://www.elastic.co/guide/en/fleet/master/kubernetes_leaderelection-provider.html) mechanism. |
There was a problem hiding this comment.
Suggested change
| To collect cluster level data (compared to node level information) the integration makes use of the [leader election](https://www.elastic.co/guide/en/fleet/master/kubernetes_leaderelection-provider.html) mechanism. | |
| To collect cluster level data (rather than just node level information) the integration makes use of the [leader election](https://www.elastic.co/guide/en/fleet/master/kubernetes_leaderelection-provider.html) mechanism. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Updates to the readme of the KSPM integration to include
Beyond these two main changes, all the other changes were cosmetic updates to the structure/order of the different sections in the readme.