[DOCS] KSPM docs reorg (#2539) (#2582)

* KSPM docs reorg

* Attempts to fix build error and removes outdated part of Benchmarks page

* Fixes build error

* testing build error

* tests docs build

* Takes another approach to build problems

* Updates //comment

* Update section headings for subordination

* make dashboard page subordinate to KSPM page

* Update docs/cloud-native-security/kspm.asciidoc

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>

* Update docs/cloud-native-security/kspm.asciidoc

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>

* Update docs/cloud-native-security/kspm.asciidoc

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>

* Update docs/cloud-native-security/kspm.asciidoc

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>

* Update docs/cloud-native-security/kspm.asciidoc

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>

* Adds ToC and creates "Getting started" page

* troubleshoots ToC issue

* adds missing anchor

* fixes build error

* Add AWS auth details

* troubleshoot headings/docs ToC

* Minor fixes

* minor updates

* Update docs/cloud-native-security/benchmark-rules.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/cloud-nat-sec-posture-dashboard.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/cloud-native-security-index.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/findings.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/findings.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/get-started-with-kspm.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/get-started-with-kspm.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/get-started-with-kspm.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/get-started-with-kspm.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/get-started-with-kspm.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/findings.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/get-started-with-kspm.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/get-started-with-kspm.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/get-started-with-kspm.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/get-started-with-kspm.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/get-started-with-kspm.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/get-started-with-kspm.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/get-started-with-kspm.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Update docs/cloud-native-security/get-started-with-kspm.asciidoc

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>

* Incorporates Joe's and Nastasha's feedback.

* maintains dashboard doc parity

* minor change

* Incorporates Janeen's and Tinsae's feedback

* minor fixes

Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>
Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
(cherry picked from commit 1ac0a00)

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

Author: mergify[bot]

docs/cloud-native-security/benchmark-rules.asciidoc

@@ -1,13 +1,12 @@
 [[benchmark-rules]]
-= Benchmark rules
-The Benchmark Integrations page lets you view and manage cloud security posture (CSP) benchmark rules for each of your <<kspm, Kubernetes security posture management (KSPM) integrations>>. Enabled benchmark rules define the Kubernetes configuration best practices that form the basis of the data that appears on the <<cloud-posture-dashboard, Cloud Posture dashboard>>.
+== Benchmark rules
+The Benchmark Integrations page lets you view the cloud security posture (CSP) benchmark rules for your <<kspm, Kubernetes security posture management (KSPM) integrations>>. Benchmark rules define the Kubernetes configuration best practices that form the basis of the data that appears on the <<cloud-posture-dashboard, Cloud Posture dashboard>>.
 
 To find the Benchmark Integrations page, go to **Manage -> CSP Benchmarks**. From there, to view the benchmark rules associated with an integration, select that integration's name.
 
-image::images/benchmark-rules.png[The Benchmark rules page]
+[role="screenshot"]
+image::images/benchmark-rules.png[Benchmark rules page]
 
 You can then click on a benchmark rule's name to see details, including information about how to remediate failures and related links.
 
-You can enable or disable benchmark rules for each integration, either individually or in bulk using the *Bulk Actions* menu. By default, benchmark rules are enabled.
-
 NOTE: Benchmark rules are not editable.

docs/cloud-native-security/cloud-nat-sec-posture-dashboard.asciidoc

@@ -0,0 +1,17 @@
+[[cloud-nat-sec-posture-dashboard]]
+// Note: This page is intentionally duplicated by docs/dashboards/cloud-posture.asciidoc. When you update this page, update that page to match.
+
+== Cloud Posture dashboard
+
+The Cloud Posture dashboard summarizes how your Kubernetes configuration measures up to security benchmarks.
+
+NOTE: To learn how to collect this data, refer to <<kspm, Kubernetes security posture management>>.
+
+[role="screenshot"]
+image::images/cloud-sec-dashboard.png[Cloud Security dashboard]
+
+The first row of cards (Cloud Posture Score, Failed Findings, and Open Cases) summarizes your overall cloud security posture (CSP) by aggregating data from all monitored Kubernetes clusters. Each subsequent row summarizes the posture of an individual Kubernetes cluster.
+
+The Cloud Posture Score card shows the performance of your Kubernetes clusters on <<benchmark-rules,security benchmarks>>. Hover over the card to display when the data was collected.
+
+The Failed Findings card shows failed findings grouped by Center for Internet Security (CIS) benchmark categories. Click any section name to view its failed findings on the <<findings-page, Findings page>>.

docs/cloud-native-security/cloud-native-security-index.asciidoc

@@ -1,7 +1,10 @@
 [[cloud-native-security-overview]]
 
 = Cloud native security
-Elastic’s cloud security capabilities help you to improve your Kubernetes security posture by comparing your configuration to best practices, and help you monitor and investigate your Linux deployments inside and outside of Kubernetes. 
+Elastic’s cloud security capabilities help you to improve your Kubernetes security posture by comparing your configuration to best practices, and allow you to monitor and investigate your Linux deployments inside and outside of Kubernetes.
 
 include::kspm.asciidoc[leveloffset=+1]
+include::get-started-with-kspm.asciidoc[leveloffest=+1]
+include::findings.asciidoc[leveloffset=+1]
 include::benchmark-rules.asciidoc[leveloffset=+1]
+include::cloud-nat-sec-posture-dashboard.asciidoc[leveloffset=+1]

docs/cloud-native-security/findings.asciidoc

@@ -0,0 +1,11 @@
+[[findings-page]]
+== Findings page
+
+[role="screenshot"]
+image::images/findings-page.png[Findings page]
+
+The Findings page shows how your Kubernetes clusters' configuration measures up to the standards defined on the <<benchmark-rules, CSP Benchmarks page>>.
+
+Findings are organized by the resource IDs of the associated Kubernetes infrastructure and include data about the infrastructure and benchmark rules. Each finding's result (`pass` or `fail`) indicates whether a particular part of your Kubernetes infrastructure meets an active CSP benchmark rule.
+
+You can filter table data by entering queries into the KQL search bar.

docs/cloud-native-security/get-started-with-kspm.asciidoc

@@ -0,0 +1,227 @@
+[[get-started-with-kspm]]
+=== Get started with KSPM
+This page explains how to configure the Kubernetes Security Posture Management integration.
+
+The instructions differ depending on whether you're installing on EKS or on unmanaged clusters.
+
+* Install on EKS-managed clusters:
+  . <<kspm-setup-eks-start,Name your integration and select a Kubernetes deployment type>>
+  . <<kspm-setup-eks-auth,Authenticate to AWS>>
+  . <<kspm-setup-eks-finish,Finish configuring the KSPM integration>>
+  . <<kspm-setup-eks-modify-deploy,Deploy the DaemonSet to your clusters>>
+
+
+* Install on unmanaged clusters:
+  . <<kspm-setup-unmanaged,Configure the KSPM integration>>
+  . <<kspm-setup-unmanaged-modify-deploy,Deploy the DaemonSet manifest to your clusters>>
+
+[discrete]
+[[kspm-setup-eks-start]]
+=== Set up KSPM for Amazon EKS clusters
+
+[discrete]
+==== Name your integration and select a Kubernetes Deployment type
+
+1. Go to *Dashboards -> Cloud Posture*.
+2. Click *Add a KSPM integration*.
+3. Read the integration's description to understand how it works. Then, click *Add Kubernetes Security Posture Management*.
+4. Name your integration. Use a name that matches the purpose or team of the cluster(s) you want to monitor, for example, `IT-dev-k8s-clusters`.
+5. Select *EKS* from the *Kubernetes Deployment* menu. A new section for AWS credentials will appear.
+
+[discrete]
+[[kspm-setup-eks-auth]]
+==== Authenticate to AWS
+
+There are several options for how to provide AWS credentials:
+
+* <<kspm-use-keys-directly,Use access keys directly>>
+* <<kspm-use-temp-credentials,Use temporary security credentials>>
+* <<kspm-use-a-shared-credentials-file,Use a shared credentials file>>
+* <<kspm-use-iam-arn,Use an IAM role ARN>>
+
+Regardless of which option you use, you'll need to grant the following permissions:
+
+
+
+[source,console]
+----------------------------------
+ecr:GetRegistryPolicy,
+eks:ListTagsForResource
+elasticloadbalancing:DescribeTags
+ecr-public:DescribeRegistries
+ecr:DescribeRegistry
+elasticloadbalancing:DescribeLoadBalancerPolicyTypes
+ecr:ListImages
+ecr-public:GetRepositoryPolicy
+elasticloadbalancing:DescribeLoadBalancerAttributes
+elasticloadbalancing:DescribeLoadBalancers
+ecr-public:DescribeRepositories
+eks:DescribeNodegroup
+ecr:DescribeImages
+elasticloadbalancing:DescribeLoadBalancerPolicies
+ecr:DescribeRepositories
+eks:DescribeCluster
+eks:ListClusters
+elasticloadbalancing:DescribeInstanceHealth
+ecr:GetRepositoryPolicy
+----------------------------------
+
+If you are using the AWS visual editor to create and modify your IAM Policies, you can copy and paste this IAM policy JSON object:
+
+.Click to view JSON object
+[%collapsible]
+====
+```
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "VisualEditor0",
+            "Effect": "Allow",
+            "Action": [
+                "ecr:GetRegistryPolicy",
+                "eks:ListTagsForResource",
+                "elasticloadbalancing:DescribeTags",
+                "ecr-public:DescribeRegistries",
+                "ecr:DescribeRegistry",
+                "elasticloadbalancing:DescribeLoadBalancerPolicyTypes",
+                "ecr:ListImages",
+                "ecr-public:GetRepositoryPolicy",
+                "elasticloadbalancing:DescribeLoadBalancerAttributes",
+                "elasticloadbalancing:DescribeLoadBalancers",
+                "ecr-public:DescribeRepositories",
+                "eks:DescribeNodegroup",
+                "ecr:DescribeImages",
+                "elasticloadbalancing:DescribeLoadBalancerPolicies",
+                "ecr:DescribeRepositories",
+                "eks:DescribeCluster",
+                "eks:ListClusters",
+                "elasticloadbalancing:DescribeInstanceHealth",
+                "ecr:GetRepositoryPolicy"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+```
+====
+
+[discrete]
+[[kspm-use-keys-directly]]
+===== Option 1 - Use access keys directly
+Access keys are long-term credentials for an IAM user or the AWS account root user. To use access keys as credentials, you need to provide the `Access key ID` and the `Secret Access Key`.
+
+For more details, refer to AWS' https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html[Access Keys and Secret Access Keys] documentation.
+
+IMPORTANT: You must select "Programmatic access" when creating the IAM user.
+
+[discrete]
+[[kspm-use-temp-credentials]]
+===== Option 2 - Use temporary security credentials
+You can configure temporary security credentials in AWS to last for a specified duration. They consist of an access key ID, a secret access key, and a security token, which is typically found using `GetSessionToken`.
+
+Because temporary security credentials are short term, once they expire, you will need to generate new ones and manually update the integration's configuration to continue collecting cloud posture data. Update the credentials before they expire to avoid data loss.
+
+NOTE: IAM users with multi-factor authentication (MFA) enabled need to submit an MFA code when calling `GetSessionToken`. For more details, refer to AWS' https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html[Temporary Security Credentials] documentation.
+
+You can use the AWS CLI to generate temporary credentials. For example, you could use the following command if you have MFA enabled:
+
+[source,console]
+----------------------------------
+`sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@example.com --duration-seconds 129600 --token-code 123456`
+----------------------------------
+
+The output from this command includes the following fields, which you should provide when configuring the KSPM integration:
+
+* `Access key ID`: The first part of the access key.
+* `Secret Access Key`: The second part of the access key.
+* `Session Token`: A token required when using temporary security credentials.
+
+[discrete]
+[[kspm-use-a-shared-credentials-file]]
+===== Option 3 - Use a shared credentials file
+If you use different AWS credentials for different tools or applications, you can use profiles to define multiple access keys in the same configuration file. For more details refer to AWS' https://docs.aws.amazon.com/sdkref/latest/guide/file-format.html[Shared Credentials Files] documentation.
+
+Instead of providing the `Access key ID` and `Secret Access Key` to the integration, provide the information required to locate the access keys within the shared credentials file:
+
+* `Credential Profile Name`: The profile name in the shared credentials file.
+* `Shared Credential File`: The directory of the shared credentials file.
+
+If you don't provide values for all configuration fields, the integration will use these defaults:
+
+- If `Access key ID`, `Secret Access Key`, and `ARN Role` are not provided, then the integration will check for `Credential Profile Name`.
+- If there is no `Credential Profile Name`, the default profile will be used.
+- If `Shared Credential File` is empty, the default directory will be used.
+  - For Linux or Unix, the shared credentials file is located at `~/.aws/credentials`.
+
+[discrete]
+[[kspm-use-iam-arn]]
+===== Option 4 - Use an IAM role Amazon Resource Name (ARN)
+An IAM role Amazon Resource Name (ARN) is an IAM identity that you can create in your AWS account. You define the role's permissions.
+Roles do not have standard long-term credentials such as passwords or access keys.
+Instead, when you assume a role, it provides you with temporary security credentials for your session.
+An IAM role's ARN can be used to specify which AWS IAM role to use to generate temporary credentials.
+
+For more details, refer to AWS' https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html[AssumeRole API] documentation.
+Follow AWS' instructions to https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html[create an IAM user], and define the IAM role's permissions using the JSON permissions policy above.
+
+To use an IAM role's ARN, you need to provide either a <<kspm-use-a-shared-credentials-file,credential profile>> or <<kspm-use-keys-directly,access keys>> along with the `ARN role`.
+The `ARN Role` value specifies which AWS IAM role to use for generating temporary credentials.
+
+NOTE: If `ARN Role` is present, the integration will check if `Access key ID` and `Secret Access Key` are present.
+If not, the package will check for a `Credential Profile Name`.
+If a `Credential Profile Name` is not present, the default credential profile will be used.
+
+
+[[kspm-setup-eks-finish]]
+[discrete]
+==== Finish configuring the KSPM integration for EKS
+Once you've provided AWS credentials, finish configuring the KSPM integration:
+
+1. If you want to monitor Kubernetes clusters that aren’t yet enrolled in {fleet}, select *New Hosts* under “where to add this integration”.
+2. Name the {agent} policy. Use a name that matches the purpose or team of the cluster(s) you want to monitor. For example, `IT-dev-k8s-clusters`.
+3. Click *Save and continue*, then *Add agent to your hosts*. The *Add agent* wizard appears and provides a DaemonSet manifest `.yaml` file with pre-populated configuration information, such as the `Fleet ID` and `Fleet URL`.
+
+[[kspm-setup-eks-modify-deploy]]
+[discrete]
+==== Deploy the KSPM integration to EKS clusters
+The *Add agent* wizard helps you deploy the KSPM integration on the Kubernetes clusters you wish to monitor. For each cluster:
+
+1. Download the manifest and make any necessary revisions to its configuration to suit the needs of your environment.
+2. Apply the manifest using the `kubectl apply -f` command. For example: `kubectl apply -f elastic-agent-managed-kubernetes.yaml`
+
+After a few minutes, a message confirming the {agent} enrollment appears, followed by a message confirming that data is incoming. You can then click *View assets* to see where the newly-collected configuration information appears throughout {kib}, including the <<findings-page,Findings page>> and the <<cloud-posture-dashboard, Cloud Posture dashboard>>.
+
+
+[discrete]
+[[kspm-setup-unmanaged]]
+=== Set up KSPM for unmanaged Kubernetes clusters
+
+Follow these steps to deploy the KSPM integration to unmanaged clusters. Keep in mind credentials are NOT required for unmanaged deployments.
+
+[discrete]
+==== Configure the KSPM integration
+To install the integration on unmanaged clusters:
+
+1. Go to *Dashboards -> Cloud Posture*.
+2. Click *Add a KSPM integration*.
+3. Read the integration's description to understand how it works. Then, click *Add Kubernetes Security Posture Management*.
+4. Name your integration. Use a name that matches the purpose or team of the cluster(s) you want to monitor, for example, `IT-dev-k8s-clusters`.
+5. Select *Unmanaged Kubernetes* from the *Kubernetes Deployment* menu.
+6. If you want to monitor Kubernetes clusters that aren’t yet enrolled in {fleet}, select *New Hosts* when choosing the {agent} policy.
+7. Select the {agent} policy where you want to add the integration.
+8. Click *Save and continue*, then *Add agent to your hosts*. The *Add agent* wizard appears and provides a DaemonSet manifest `.yaml` file with pre-populated configuration information, such as the `Fleet ID` and `Fleet URL`.
+
+[role="screenshot"]
+image::images/kspm-add-agent-wizard.png[The KSPM integration's Add agent wizard]
+
+[[kspm-setup-unmanaged-modify-deploy]]
+[discrete]
+==== Deploy the KSPM integration to unmanaged clusters
+
+The *Add agent* wizard helps you deploy the KSPM integration on the Kubernetes clusters you wish to monitor. To do this, for each cluster:
+
+1. Download the manifest and make any necessary revisions to its configuration to suit the needs of your environment.
+2. Apply the manifest using the `kubectl apply -f` command. For example: `kubectl apply -f elastic-agent-managed-kubernetes.yaml`
+
+After a few minutes, a message confirming the {agent} enrollment appears, followed by a message confirming that data is incoming. You can then click *View assets* to see where the newly-collected configuration information appears throughout {kib}, including the <<findings-page,Findings page>> and the <<cloud-posture-dashboard, Cloud Posture dashboard>>.

docs/cloud-native-security/kspm.asciidoc

@@ -1,39 +1,6 @@
 [[kspm]]
 = Kubernetes security posture management
 
-The Kubernetes Security Posture Management (KSPM) integration allows you to monitor how your Kubernetes clusters' configuration measures up to security benchmarks.
+The Kubernetes Security Posture Management (KSPM) integration allows you to identify security and compliance issues in the configuration of various Kubernetes components.
 
-To set up the integration, you'll need to first add it to an {agent} policy, then deploy the KSPM DaemonSet to the Kubernetes clusters you want to monitor.
-
-[discrete]
-== Set up a KSPM integration
-To install the integration:
-
-1. Go to *Dashboards -> Cloud Posture*.
-2. Click *Add a CIS integration*.
-3. Click *Add Kubernetes Security Posture Management*.
-4. Name your integration.
-5. Select whether to use the CIS or EKS Benchmarks — use CIS unless you're deploying on EKS.
-6. Select the {agent} policy where you want to add the integration.
-7. Click *Save and continue*, then *Add agent to your hosts*. The *Add agent* wizard appears and provides a DaemonSet manifest `.yaml` file with pre-populated configuration information, such as the `Fleet ID` and`Fleet URL`.
-
-image::images/kspm-add-agent-wizard.png[The KSPM integration's Add agent wizard]
-
-The *Add agent* wizard helps you deploy a DaemonSet on the Kubernetes clusters you wish to monitor. To do this, for each cluster:
-
-1. Download the manifest and make any necessary revisions to its configuration to suit the needs of your environment.
-2. Apply the manifest using the `kubectl apply -f` command. For example: `kubectl apply -f elastic-agent-managed-kubernetes.yaml`
-
-After about a minute, an “Agent enrollment confirmed” message appears, followed by “Incoming data confirmed." You can then click *View assets* to see where the newly-collected configuration information appears throughout {kib}, including the <<findings-page,Findings page>> and the <<cloud-posture-dashboard, Cloud Posture dashboard>>.
-
-[[findings-page]]
-[discrete]
-== Findings page
-
-image::images/findings-page.png[The Findings page]
-
-The Findings page shows how the configuration of your Kubernetes clusters measures up to the standards defined on the <<benchmark-rules, CSP Benchmarks page>>.
-
-Findings are organized by the resource IDs of the associated Kubernetes infrastructure and include data about the infrastructure and benchmark rules. Each finding's result (which can be `pass` or `fail`) indicates whether a particular part of your Kubernetes infrastructure meets an active CSP benchmark rule.
-
-You can filter table data by entering queries into the KQL search bar.
+This integration is currently supported for use with unmanaged Kubernetes clusters, as well as clusters managed by Amazon EKS. To set it up, you'll need to first add it to an {fleet-guide}/agent-policy.html[{agent} policy], then deploy the KSPM DaemonSet to the Kubernetes clusters you want to monitor. This process differs slightly depending on whether you intend to monitor unmanaged clusters or EKS-managed clusters.