Kubernetes Security Posture Management
| Version | 3.2.1 (View all) |
| Subscription level What's this? | Basic |
| Minimum Kibana version(s) | 9.3.0 |
The Kubernetes Security Posture Management (KSPM) integration discovers and evaluates the components that make up your Kubernetes cluster against hardening guidelines defined by the Center for Internet Security (CIS) to help you identify and remediate configurations risks that could potentially undermine the confidentiality, integrity, and availability of your data.
For in-depth, step-by-step instructions to help you get started with KSPM, please read throughour getting started guide.
After you deploy this integration, the pages described in the table below will begin to get populated with security posture data. Please read the"Use Cases" section of the KSPM documentation for step-by-step instructions on how to use these pages to get insight into and improve the security posture of your Kubernetes clusters.
| Page | Description |
|---|---|
| Posture Dashboard | The posture dashboard provides an overview of the security posture of both Cloud Accounts and Kubernetes clusters monitored. You can access the posture dashboard via the dashboards section of the security solution. Please read theposture dashboard documentation to learn more. |
| Findings | Findings communicate the configuration risks discovered in your environments. The findings page will always display the most up-to-date configuration risks found. You can access the findings page in the main navigation pane of the security solution. Please read thefindings documentation to learn more. |
| Benchmark Rules | Benchmarks hold the configuration rules that are used to assess your specific environments for secure configuration. You can access benchmark rules in theManage section of the security solution underCLOUD SECURITY POSTURE. To learn more, please read thebenchmark rules documentation |
As questions come up, check out theKSPM FAQ or reach out to use directly in ourcommunity slack workspace in the#security or#cloud-security channels.
This integration includes one or more Kibana dashboards that visualizes the data collected by the integration. The screenshots below illustrate how the ingested data is displayed.
Changelog
| Version | Details | Minimum Kibana version |
|---|---|---|
| 3.2.1 | Enhancement (View pull request) GCP infra manager link | 9.3.0 |
| 3.2.0 | Enhancement (View pull request) Bump up pre-release version | 9.3.0 |
| 3.1.2 | Enhancement (View pull request) Update integration's team ownership. | 9.2.0 |
| 3.1.1 | Enhancement (View pull request) Update transform to filter out documents containing an error message from latest vulnerability and misconfiguration indexes. | 9.2.0 |
| 3.1.0 | Enhancement (View pull request) Release version 3.1.0 Enhancement (View pull request) Bumped links for Cloud Formation, ARM and GCP Deployment Manager to 9.2.0 Bug fix (View pull request) Fixing broken json Enhancement (View pull request) Add vulnerability_workflow andmisconfiguration_workflow sub category labels.Enhancement (View pull request) Adding the input type "cloud_connector_id" for Azure Enhancement (View pull request) Update Indentation and adding JSON tags on some rules. Bug fix (View pull request) Change misconfiguration latest transform retention_policy to 26h Enhancement (View pull request) Add azure supports cloud connectors and secrets Enhancement (View pull request) Add Cloud Connectors variables for Azure CSPM input | 9.2.0 |
| 3.0.1 | Bug fix (View pull request) Save GCP Project ID as string | 9.1.0 |
| 3.0.0 | Enhancement (View pull request) Release version 3.0.0. Enhancement (View pull request) Add latest Transform to misconfiguration findings to 3.00 version. | 9.1.0 |
| 2.0.0 | Bug fix (View pull request) Update the minimum supported Kibana version for the upcoming release. Bug fix (View pull request) Fix GCP ARM, Cloud Shell and Cloud Connectors version Bug fix (View pull request) Add temporary processor to remove the fields added by the Agentless policy. Bug fix (View pull request) Remove project_id and organization_id from validation Enhancement (View pull request) Fix the Azure credentials validation Enhancement (View pull request) Populate event.outcome field with value from result.evaluation Enhancement (View pull request) Remove unused azure credentials. Enhancement (View pull request) Add latest Transform to misconfiguration findings. Enhancement (View pull request) Update Cloud Connector fields for CSPM Enhancement (View pull request) Revert bumping branch references on arm templates and gcp cloud shell Enhancement (View pull request) Bump up pre-release version | 8.19.0 |
| 1.13.0 | Enhancement (View pull request) Promote integration Enhancement (View pull request) Fix GCP Organization Agentless validation Enhancement (View pull request) Remove azure.credentials.client_certificate_password from required_vars Enhancement (View pull request) Bump template's version Enhancement (View pull request) Add support for conditional required fields and default deployment mode agentless Enhancement (View pull request) Add AWS external_id for cloud connectors flow" | 9.0.0 8.18.0 |
| 1.12.0 | Enhancement (View pull request) Changed the agentless tags to be a list Enhancement (View pull request) Add cloud connectors support | 9.0.0 8.17.0 |
| 1.11.0 | Enhancement (View pull request) Promote integration Enhancement (View pull request) Lowercase host.name Enhancement (View pull request) Bump version Enhancement (View pull request) Add deployment_mode agentless to the policy template Enhancement (View pull request) Adding deployment_modes to cspm policy template and secret field linting checks Enhancement (View pull request) Bump package to include new kibana condition Enhancement (View pull request) Change gcp.credentials.json secret to true Enhancement (View pull request) Add observer.vendor field mappings Enhancement (View pull request) Add observer.vendor field Enhancement (View pull request) Deprecate vulneravility data views assets. Enhancement (View pull request) Deprecate data views assets. Enhancement (View pull request) Add related.entity to cspmEnhancement (View pull request) Bump up pre-release version | 9.0.0 8.16.0 |
| 1.10.1 | Enhancement (View pull request) Add observer.vendor field | 8.15.0 |
| 1.10.0 | Enhancement (View pull request) Promote integration Enhancement (View pull request) Support conditions in CSPM and KSPM Enhancement (View pull request) Change field type to password where isSecret is true Enhancement (View pull request) Bump version Enhancement (View pull request) Add cloud formation template url to create direct access keys credentials | 8.15.0 |
| 1.9.0 | Bug fix (View pull request) Revert secret of textarea field Enhancement (View pull request) Bump cloudbeat version Enhancement (View pull request) Update findings ingest pipeline to remove empty cloud.account.id and cloud.account.name Bug fix (View pull request) Fix cluster_id missing error in the Ingest Pipeline Enhancement (View pull request) Convert fields to secrets | 8.14.0 |
| 1.8.0 | Enhancement (View pull request) Bump up version Enhancement (View pull request) Add cloudsecurity_cdr sub category label. Enhancement (View pull request) Add missing CIS Azure rule templates Bug fix (View pull request) Rollback CIS Azure Rules 9.3,9.10 Bug fix (View pull request) Rollback secrets adoption Enhancement (View pull request) Add CIS Azure Rules 6.1,.6.2,6.3,6.4 Enhancement (View pull request) Add missing ECS orchestrator fields Enhancement (View pull request) Adopt Secrets Enhancement (View pull request) Bump version | 8.13.0 |
| 1.7.1 | Bug fix (View pull request) Remove disabled fields. | 8.12.0 |
| 1.7.0 | Enhancement (View pull request) 8.12 version bump Enhancement (View pull request) Azure rule templates update Enhancement (View pull request) Bump Azure template branch Enhancement (View pull request) Support Azure Management groups Enhancement (View pull request) Add CIS Azure 5.3.1 Bug fix (View pull request) Update all CSPM providers to run every 24h Enhancement (View pull request) Azure credentials configuration Enhancement (View pull request) CloudFormation version hardening | 8.12.0 |
| 1.6.5 | Bug fix (View pull request) GCP Organization Id as string | 8.11.0 |
| 1.6.4 | Bug fix (View pull request) Assign default GCP account type Enhancement (View pull request) Base CloudFormation url only on version | 8.11.0 |
| 1.6.3 | Bug fix (View pull request) Update URL for AWS | 8.11.0 |
| 1.6.2 | Enhancement (View pull request) Change the format_version in the package manifest to 3.0.0. Remove dotted YAML keys from package manifest. Add owner.type elastic to package manifest. Add missing object_type fields. Add security capability. | 8.11.0 |
| 1.6.1 | Enhancement (View pull request) Update ARM link for Azure | 8.11.0 |
| 1.6.0 | Enhancement (View pull request) Support multiple installations on the same agent policy Enhancement (View pull request) Add support for Azure benchmark Enhancement (View pull request) Add support for GCP organizations | 8.11.0 |
| 1.5.2 | Enhancement (View pull request) Refactor GCP credentials Enhancement (View pull request) Validate OrganizationalUnitIds in CloudFormation | 8.10.0 |
| 1.5.1 | Enhancement (View pull request) Bump version to 1.5.1 Bug fix (View pull request) Remove capitalization and change type for tags | 8.10.0 |
| 1.5.0 | Enhancement (View pull request) Add CIS GCP rule templates Bug fix (View pull request) Remove default value for project id Enhancement (View pull request) Add vulnerability mappings Enhancement (View pull request) Ensure event.kind is correctly set for pipeline errors. Enhancement (View pull request) Add a cloudshell url for the GCP CSPM integration Enhancement (View pull request) Added ingest processor to copy cluster_id to orchestrator.cluster.id Enhancement (View pull request) Seperate KSPM and CSPM cloudformation templates Enhancement (View pull request) Modify CIS GCP config Enhancement (View pull request) Support AWS Organization onboarding option Enhancement (View pull request) Update CloudFormation template to use al2023 AMI and increased EBS volume size | 8.10.0 |
| 1.4.0 | Enhancement (View pull request) Populate new CloudFormation param ElasticArtifactServer Enhancement (View pull request) Send short notation of ElasticAgentVersion Bug fix (View pull request) Fix CIS 1.1.19 rule | 8.9.0 |
| 1.3.0 | Enhancement (View pull request) New vulnerability management integration Enhancement (View pull request) Support ECS orchestrator.cluster.id field Enhancement (View pull request) Added categories and/or subcategories. Enhancement (View pull request) Added vulnerability management period and removing region Enhancement (View pull request) Change CSPM resource collection period Enhancement (View pull request) Update CNVM index mapping Enhancement (View pull request) Add CIS AWS rules 1.16, 1.17, 1.19, 1.20, 2.1.5, 2.3.3 | 8.8.0 |
| 1.2.11 | Enhancement (View pull request) Fixed readme | 8.7.0 |
| 1.2.10 | Bug fix (View pull request) Add GCP/Azure streams Bug fix (View pull request) Fix beta version Bug fix (View pull request) Add GCP/Azure streams Enhancement (View pull request) Add CSPM/KSPM icons Enhancement (View pull request) move rule_number field to benchmark.rule_number Enhancement (View pull request) Add RDS fetcher to the AWS CSPM hbs file | 8.7.0 |
| 1.2.9 | Enhancement (View pull request) Add monitoring fetcher to the aws cspm hbs file | 8.7.0 |
| 1.2.8 | Enhancement (View pull request) Add cloud fields to mapping | 8.7.0 |
| 1.2.7 | Enhancement (View pull request) Add a cloudtrail fetcher to the aws cspm hbs file | 8.7.0 |
| 1.2.6 | Enhancement (View pull request) Add posture_type field to mapping | 8.7.0 |
| 1.2.5 | Enhancement (View pull request) Add S3 fetcher to the AWS CSPM hbs file | 8.7.0 |
| 1.2.4 | Enhancement (View pull request) Remove state from csp rule template | 8.7.0 |
| 1.2.3 | Enhancement (View pull request) Add a network fetcher to the aws cspm hbs file | 8.7.0 |
| 1.2.2 | Enhancement (View pull request) Update cspm hbs file | 8.7.0 |
| 1.2.1 | Enhancement (View pull request) Update CSP mapping | 8.7.0 |
| 1.2.0 | Enhancement (View pull request) CSPM support spaces for 8.7.0 | 8.7.0 |
| 1.1.2 | Enhancement (View pull request) CSPM support spaces for 8.7.0 | 8.7.0 |
| 1.1.1 | Enhancement (View pull request) CSPM support spaces for 8.6 - fix | 8.6.0 |
| 1.0.9 | Enhancement (View pull request) CSPM support spaces for 8.6 | 8.6.0 |
| 1.1.0 | Enhancement (View pull request) Introduce CSPM | 8.7.0 |
| 1.0.8 | Enhancement (View pull request) Update screenshots and icon | 8.6.0 |
| 1.0.7 | Enhancement (View pull request) Add KSPM to integration name | 8.6.0 |
| 1.0.6 | Enhancement (View pull request) Removing the rule data yaml | 8.6.0 |
| 1.0.5 | Bug fix (View pull request) Documentation bugfix | 8.5.0 |
| 1.0.4 | Enhancement (View pull request) Updated mapping to include orchastrator.cluster.name. | 8.5.0 |
| 1.0.3 | Enhancement (View pull request) Updated the readme to remove the broken internal link | 8.5.0 |
| 1.0.2 | Enhancement (View pull request) Add AWS EKS documentation for KSPM | 8.5.0 |
| 1.0.1 | Enhancement (View pull request) Add security category to package metadata. | 8.5.0 |
| 1.0.0 | Enhancement (View pull request) Cloud Security Posture integration is now GA. | 8.5.0 |
| 0.0.33 | Enhancement (View pull request) Remove unconfigurable default fields from hbs files | 8.5.0 |
| 0.0.32 | Enhancement (View pull request) Add event property to finding, this event match the event spec of the ECS . cycle_id mapping is removed as it is no longer reported by the Cloudbeat. | 8.5.0 |
| 0.0.31 | Enhancement (View pull request) Store beat configuration file to be propagated to cloudbeat | 8.5.0 |
| 0.0.30 | Enhancement (View pull request) Add AWS additional auth to KSPM integration | 8.5.0 |
| 0.0.29 | Enhancement (View pull request) Update min age for delete to 180 days | 8.5.0 |
| 0.0.28 | Enhancement (View pull request) Add ILM policy for the findings data stream | 8.5.0 |
| 0.0.27 | Enhancement (View pull request) Update input types and var name to support runtime config | 8.5.0 |
| 0.0.26 | Enhancement (View pull request) Version bump Enhancement (View pull request) Updates to KSPM Integration README | 8.4.0 |
| 0.0.25 | Bug fix (View pull request) Remove unimplemented EKS rules from template | 8.4.0 |
| 0.0.24 | Enhancement (View pull request) Updated release tag to beta | 8.4.0 |
| 0.0.23 | Bug fix (View pull request) Fix rule id typo | — |
| 0.0.22 | Enhancement (View pull request) Adjust findings data-stream mappings to fit ECS conventions Enhancement (View pull request) Turned off dynamic mappings of findings data-stream Enhancement (View pull request) Added default pipeline to findings data-stream | — |
| 0.0.21 | Enhancement (View pull request) Update package display name | — |
| 0.0.20 | Enhancement (View pull request) Remove Kibana configuration section from README | — |
| 0.0.19 | Enhancement (View pull request) Adding EKS rule templates Enhancement (View pull request) Added date time field to index patterns Enhancement (View pull request) Update rule benchmark field to include an id | — |
| 0.0.18 | Enhancement (View pull request) enhance integration to support eks | — |
| 0.0.17 | Enhancement (View pull request) Refactored csp-rule-template metadata field to fit 8.4.0 schema | — |
| 0.0.16 | Enhancement (View pull request) update resource id keyword mapping | — |
| 0.0.15 | Enhancement (View pull request) update resource id mapping | — |
| 0.0.14 | Enhancement (View pull request) Add mapping for rule id and resource id and revert Kibana version constrain | — |
| 0.0.13 | Enhancement (View pull request) Update Kibana version constrain | — |
| 0.0.12 | Enhancement (View pull request) Add new rule templates | — |
| 0.0.11 | Enhancement (View pull request) Update elastic-agent deployment instructions | — |
| 0.0.10 | Enhancement (View pull request) Update CSP rules configuration template | — |
| 0.0.9 | Enhancement (View pull request) Update csp rule template | — |
| 0.0.8 | Enhancement (View pull request) Send dataYaml (Rules Activation YAML) to cloudbeat | — |
| 0.0.7 | Enhancement (View pull request) Add rule template assets | — |
| 0.0.6 | Enhancement (View pull request) Update findings template asset | — |
| 0.0.5 | Enhancement (View pull request) Add CSP rule template asset | — |
| 0.0.4 | Enhancement (View pull request) Add latest findings data view | — |
| 0.0.3 | Enhancement (View pull request) Change README | — |
| 0.0.2 | Enhancement (View pull request) Change README | — |
| 0.0.1 | Enhancement (View pull request) Initial draft of the package | — |