This integration is powered by Elastic Agent. Elastic Agent is a single, unified agent that you can deploy to hosts or containers to collect data and send it to the Elastic Stack. Behind the scenes, Elastic Agent runs the Beats shippers or Elastic Endpoint required for your configuration. Please refer to our documentation for a detailed comparison between Beats and Elastic Agent.
Prefer to use Beats for this use case? See Filebeat modules for logs or Metricbeat modules for metrics.
See the integrations quick start guides to get started:
Overview
This integration compares Kubernetes configuration against CIS benchmark checks. It computes a score that ranges between 0 - 100. This integration requires access to node files, node processes, and the Kubernetes api-server therefore it assumes the agent will be installed as a DaemonSet with the proper Roles and RoleBindings attached.
Leader election
To collect cluster level data (compared to node level information) the integration makes use of the leader election mechanism. This mechanism assures that the cluster level data is collected by only one of the agents running as a part of the DaemonSet and not by all of them.
Cluster level data example: List of the running pods. Node level data example: kubelet configuration.
Compatibility
The Kubernetes package is tested with Kubernetes 1.21.x
Dashboard
CIS Kubernetes Benchmark integration is shipped including default dashboards and screens to manage the benchmark rules and inspect the compliance score and findings.
Deployment
Configure Kibana
In order for the integration to be installed, The Cloud Security Posture Kibana plugin must be enabled.
This could be done by adding the following configuration line to kibana.yml:
xpack.cloudSecurityPosture.enabled: true
For Cloud users, see Edit Kibana user settings.
Deploy the Elastic agent
Just like every other integration, the KSPM integration requires an Elastic agent to be deployed.
See agent installation instructions. Note, this integration can only be added to Elastic agents with versions 8.3 or higher.
Changelog
| Version | Details |
|---|---|
0.0.16 | View pull request update resource id keyword mapping |
0.0.15 | View pull request update resource id mapping |
0.0.14 | View pull request Add mapping for rule id and resource id and revert Kibana version constrain |
0.0.13 | View pull request Update Kibana version constrain |
0.0.12 | View pull request Add new rule templates |
0.0.11 | View pull request Update elastic-agent deployment instructions |
0.0.10 | View pull request Update CSP rules configuration template |
0.0.9 | View pull request Update csp rule template |
0.0.8 | View pull request Send dataYaml (Rules Activation YAML) to cloudbeat |
0.0.7 | View pull request Add rule template assets |
0.0.6 | View pull request Update findings template asset |
0.0.5 | View pull request Add CSP rule template asset |
0.0.4 | View pull request Add latest findings data view |
0.0.3 | View pull request Change README |
0.0.2 | View pull request Change README |
0.0.1 | View pull request Initial draft of the package |