Updates to KSPM Integration README #3964
snippet in suggestion
Co-authored-by: David Natachanny <david.natachanny@elastic.co>
@amirbenun @kfirpeled @amirbenun can y'all please review for technical accuracy? thx!
@tinnytintin10 Are we planning to add EKS screenshots as well as part of this PR?
Looks good!
Merging in order to let @uri-weisman go ahead with his #3968
Will bump version in a follow up PR - #3997
Looks good overall, left some minor suggestions. Not sure about the formatting for links etc. in a readme so couldn't check you on that.
|
||
## Leader election | ||
1. Identify and remediate misconfigurations | ||
2. Understand the overall security posture of their Kubernetes clusters both- individually and holistically |
2. Understand the overall security posture of their Kubernetes clusters both- individually and holistically | |
2. Understand the overall security posture of their Kubernetes clusters, both individually and holistically |
|
||
Cluster level data example: List of the running pods. | ||
Node level data example: kubelet configuration. | ||
After this integration has been installed for the first time, the following assets will get created and made available in the Security solution UI: |
After this integration has been installed for the first time, the following assets will get created and made available in the Security solution UI: | |
After this integration has been installed for the first time, the following assets will get created and made available in the Elastic Security UI: |
|
||
| Asset | Description | | ||
| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| Posture Dashboard | The posture dashboard provides an overview of the security posture of all Kubernetes clusters monitored | |
| Posture Dashboard | The posture dashboard provides an overview of the security posture of all Kubernetes clusters monitored | | |
| Cloud Posture dashboard | The Cloud Posture dashboard provides an overview of the security posture of all monitored Kubernetes clusters | |
| Asset | Description | | ||
| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| Posture Dashboard | The posture dashboard provides an overview of the security posture of all Kubernetes clusters monitored | | ||
| Findings | Findings communicate the outcome of a specific resource being evaluated with a specific rule. All latest findings are viewable on the findings page | |
| Findings | Findings communicate the outcome of a specific resource being evaluated with a specific rule. All latest findings are viewable on the findings page | | |
| Findings | Findings communicate whether resources are compliant with applicable rules. Current findings are viewable on the Findings page | |
| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| Posture Dashboard | The posture dashboard provides an overview of the security posture of all Kubernetes clusters monitored | | ||
| Findings | Findings communicate the outcome of a specific resource being evaluated with a specific rule. All latest findings are viewable on the findings page | | ||
| Benchmark Rules | Benchmark rules are used to assess Kubernetes resources for secure configuration. Benchmark rules are viewable on the Benchmark page | |
| Benchmark Rules | Benchmark rules are used to assess Kubernetes resources for secure configuration. Benchmark rules are viewable on the Benchmark page | | |
| Benchmark Rules | Benchmark rules are used to assess Kubernetes resources for secure configuration. Benchmark rules are viewable on the Benchmarks page | |
|
||
CIS Kubernetes Benchmark integration is shipped including default dashboards and screens to manage the benchmark rules and inspect the compliance score and findings. | ||
This integration requires access to node files, node processes, and the Kubernetes api-server therefore it assumes the agent will be installed as a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) with the proper [Roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole) and [RoleBindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) attached. |
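Review bot: The last sentence of this hunk asks for "the proper Roles and RoleBindings" without naming them, while both links point at anchors that also cover ClusterRole and ClusterRoleBinding. The README gives "List of the running pods" as cluster level data and also requires access to node files and node processes, so state whether the bindings are namespaced or cluster-scoped and list the API resources and host access the agent needs. That lets an operator review the privileges before deploying the DaemonSet.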
This integration requires access to node files, node processes, and the Kubernetes api-server therefore it assumes the agent will be installed as a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) with the proper [Roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole) and [RoleBindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) attached. | |
This integration requires access to node files, node processes, and the Kubernetes api-server. Therefore it assumes the agent will be installed as a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) with the proper [Roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole) and [RoleBindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) attached. |
|
||
## Leader election | ||
|
||
To collect cluster level data (compared to node level information) the integration makes use of the [leader election](https://www.elastic.co/guide/en/fleet/master/kubernetes_leaderelection-provider.html) mechanism. |
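Review bot: The leader election link in the last line of this hunk points at the `master` branch of the Fleet guide (`/guide/en/fleet/master/...`), which is not tied to a released version and can change underneath the README. Link to a released version of the guide instead. The sentence also says leader election is used for cluster level data but not which agent ends up collecting it; one added sentence on that would help readers reason about where cluster-wide API access is exercised.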
To collect cluster level data (compared to node level information) the integration makes use of the [leader election](https://www.elastic.co/guide/en/fleet/master/kubernetes_leaderelection-provider.html) mechanism. | |
To collect cluster level data (rather than just node level information) the integration makes use of the [leader election](https://www.elastic.co/guide/en/fleet/master/kubernetes_leaderelection-provider.html) mechanism. |
What does this PR do?
Updates to the readme of the KSPM integration to include
Beyond these two main changes, all the other changes were cosmetic updates to the structure/order of the different sections in the readme.