You are viewing docs on Elastic's new documentation system, currently in technical preview. For all other Elastic docs, visit
Last updated: Mar 20th, 2023

Kubernetes Security Posture Management (KSPM)

Identify & remediate configuration risks in Kubernetes

What is an Elastic integration?

This integration is powered by Elastic Agent. Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host. It can also protect hosts from security threats, query data from operating systems, forward data from remote services or hardware, and more. Refer to our documentation for a detailed comparison between Beats and Elastic Agent.

Prefer to use Beats for this use case? See Filebeat modules for logs or Metricbeat modules for metrics.

The Kubernetes Security Posture Management (KSPM) integration discovers and evaluates the components that make up your Kubernetes cluster against hardening guidelines defined by the Center for Internet Security (CIS) to help you identify and remediate configurations risks that could potentially undermine the confidentiality, integrity, and availability of your data.

Getting started with KSPM

For in-depth, step-by-step instructions to help you get started with KSPM, please read through our getting started guide.

Using KSPM

After you deploy this integration, the pages described in the table below will begin to get populated with security posture data. Please read the "Use Cases" section of the KSPM documentation for step-by-step instructions on how to use these pages to get insight into and improve the security posture of your Kubernetes clusters.

Posture Dashboard
The posture dashboard provides an overview of the security posture of both Cloud Accounts and Kubernetes clusters monitored. You can access the posture dashboard via the dashboards section of the security solution. Please read the posture dashboard documentation to learn more.
Findings communicate the configuration risks discovered in your environments. The findings page will always display the most up-to-date configuration risks found. You can access the findings page in the main navigation pane of the security solution. Please read the findings documentation to learn more.
Benchmark Rules
Benchmarks hold the configuration rules that are used to assess your specific environments for secure configuration. You can access benchmark rules in the Manage section of the security solution under CLOUD SECURITY POSTURE. To learn more, please read the benchmark rules documentation

As questions come up, check out the KSPM FAQ or reach out to use directly in our community slack workspace in the #security or #cloud-security channels.