Technical preview
This functionality may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but technical preview features are not subject to the support service level agreement of official generally available features.
What is an Elastic integration?

This integration is powered by Elastic Agent. Elastic Agent is a single, unified agent that you can deploy to hosts or containers to collect data and send it to the Elastic Stack. Behind the scenes, Elastic Agent runs the Beats shippers or Elastic Endpoint required for your configuration. Please refer to our documentation for a detailed comparison between Beats and Elastic Agent.

Prefer to use Beats for this use case? See Filebeat modules for logs or Metricbeat modules for metrics.

Overview

This integration compares Kubernetes configuration against CIS benchmark checks and computes a score that ranges from 0 to 100. It requires access to node files, node processes, and the Kubernetes api-server, so it assumes the agent will be installed as a DaemonSet with the proper Roles and RoleBindings attached.

Leader election

To collect cluster-level data (as opposed to node-level information), the integration uses the leader election mechanism. This mechanism ensures that cluster-level data is collected by only one of the agents running as part of the DaemonSet, not by all of them.

Cluster level data example: List of the running pods. Node level data example: kubelet configuration.

Compatibility

The Kubernetes package is tested with Kubernetes 1.21.x.

Dashboard

The CIS Kubernetes Benchmark integration ships with default dashboards and screens for managing the benchmark rules and inspecting the compliance score and findings.

Deployment

Configure Kibana

Before the integration can be installed, the Cloud Security Posture Kibana plugin must be enabled.

To enable it, add the following configuration line to kibana.yml:

xpack.cloudSecurityPosture.enabled: true

For Cloud users, see Edit Kibana user settings.

Deploy the Elastic Agent

Like every other integration, the KSPM integration requires an Elastic Agent to be deployed.

See the agent installation instructions. Note that this integration can only be added to Elastic Agent version 8.3 or higher.

Changelog

Version  Details
0.0.16   Enhancement: update resource id keyword mapping
0.0.15   Enhancement: update resource id mapping
0.0.14   Enhancement: Add mapping for rule id and resource id and revert Kibana version constraint
0.0.13   Enhancement: Update Kibana version constraint
0.0.12   Enhancement: Add new rule templates
0.0.11   Enhancement: Update elastic-agent deployment instructions
0.0.10   Enhancement: Update CSP rules configuration template
0.0.9    Enhancement: Update csp rule template
0.0.8    Enhancement: Send dataYaml (Rules Activation YAML) to cloudbeat
0.0.7    Enhancement: Add rule template assets
0.0.6    Enhancement: Update findings template asset
0.0.5    Enhancement: Add CSP rule template asset
0.0.4    Enhancement: Add latest findings data view
0.0.3    Enhancement: Change README
0.0.2    Enhancement: Change README
0.0.1    Enhancement: Initial draft of the package

Last updated: Jun 22nd, 2022