Last updated: Apr 10th, 2023

Kubernetes Security Posture Management (KSPM)

Identify & remediate configuration risks in Kubernetes

What is an Elastic integration?

This integration is powered by Elastic Agent. Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host. It can also protect hosts from security threats, query data from operating systems, forward data from remote services or hardware, and more. Refer to our documentation for a detailed comparison between Beats and Elastic Agent.

Prefer to use Beats for this use case? See Filebeat modules for logs or Metricbeat modules for metrics.

The Kubernetes Security Posture Management (KSPM) integration discovers the components that make up your Kubernetes cluster and evaluates them against hardening guidelines defined by the Center for Internet Security (CIS). This helps you identify and remediate configuration risks that could undermine the confidentiality, integrity, and availability of your data.

Getting started with KSPM

For in-depth, step-by-step instructions to help you get started with KSPM, please read through our getting started guide.

Using KSPM

After you deploy this integration, the pages described in the table below will begin to get populated with security posture data. Please read the "Use Cases" section of the KSPM documentation for step-by-step instructions on how to use these pages to get insight into and improve the security posture of your Kubernetes clusters.

| Page | Description |
| --- | --- |
| Posture Dashboard | The posture dashboard provides an overview of the security posture of both Cloud Accounts and Kubernetes clusters monitored. You can access the posture dashboard via the dashboards section of the security solution. Please read the posture dashboard documentation to learn more. |
| Findings | Findings communicate the configuration risks discovered in your environments. The findings page will always display the most up-to-date configuration risks found. You can access the findings page in the main navigation pane of the security solution. Please read the findings documentation to learn more. |
| Benchmark Rules | Benchmarks hold the configuration rules that are used to assess your specific environments for secure configuration. You can access benchmark rules in the Manage section of the security solution under CLOUD SECURITY POSTURE. To learn more, please read the benchmark rules documentation. |

As questions come up, check out the KSPM FAQ or reach out to us directly in our community Slack workspace in the #security or #cloud-security channels.

Changelog

| Version | Type | Details |
| --- | --- | --- |
| 1.2.13 | Bug fix | Fixed multiple for input streams |
| 1.2.13 | Bug fix | Fixed commit time formatting and 8.6 BC |
| 1.2.13 | Bug fix | Fixed all findings streams enabled by default |
| 1.2.11 | Enhancement | Fixed readme |
| 1.2.10 | Bug fix | Add GCP/Azure streams |
| 1.2.10 | Bug fix | Fix beta version |
| 1.2.10 | Bug fix | Add GCP/Azure streams |
| 1.2.10 | Enhancement | Add CSPM/KSPM icons |
| 1.2.10 | Enhancement | move rule_number field to benchmark.rule_number |
| 1.2.10 | Enhancement | Add RDS fetcher to the AWS CSPM hbs file |
| 1.2.9 | Enhancement | Add monitoring fetcher to the aws cspm hbs file |
| 1.2.8 | Enhancement | Add cloud fields to mapping |
| 1.2.7 | Enhancement | Add a cloudtrail fetcher to the aws cspm hbs file |
| 1.2.6 | Enhancement | Add posture_type field to mapping |
| 1.2.5 | Enhancement | Add S3 fetcher to the AWS CSPM hbs file |
| 1.2.4 | Enhancement | Remove state from csp rule template |
| 1.2.3 | Enhancement | Add a network fetcher to the aws cspm hbs file |
| 1.2.2 | Enhancement | Update cspm hbs file |
| 1.2.1 | Enhancement | Update CSP mapping |
| 1.2.0 | Enhancement | CSPM support spaces for 8.7.0 |
| 1.1.2 | Enhancement | CSPM support spaces for 8.7.0 |
| 1.1.1 | Enhancement | CSPM support spaces for 8.6 - fix |
| 1.0.9 | Enhancement | CSPM support spaces for 8.6 |
| 1.1.0 | Enhancement | Introduce CSPM |
| 1.0.8 | Enhancement | Update screenshots and icon |
| 1.0.7 | Enhancement | Add KSPM to integration name |
| 1.0.6 | Enhancement | Removing the rule data yaml |
| 1.0.5 | Bug fix | Documentation bugfix |
| 1.0.4 | Enhancement | Updated mapping to include orchastrator.cluster.name. |
| 1.0.3 | Enhancement | Updated the readme to remove the broken internal link |
| 1.0.2 | Enhancement | Add AWS EKS documentation for KSPM |
| 1.0.1 | Enhancement | Add security category to package metadata. |
| 1.0.0 | Enhancement | Cloud Security Posture integration is now GA. |
| 0.0.33 | Enhancement | Remove unconfigurable default fields from hbs files |
| 0.0.32 | Enhancement | Add event property to finding, this event match the event spec of the ECS. cycle_id mapping is removed as it is no longer reported by the Cloudbeat. |
| 0.0.31 | Enhancement | Store beat configuration file to be propagated to cloudbeat |
| 0.0.30 | Enhancement | Add AWS additional auth to KSPM integration |
| 0.0.29 | Enhancement | Update min age for delete to 180 days |
| 0.0.28 | Enhancement | Add ILM policy for the findings data stream |
| 0.0.27 | Enhancement | Update input types and var name to support runtime config |
| 0.0.26 | Enhancement | Version bump |
| 0.0.26 | Enhancement | Updates to KSPM Integration README |
| 0.0.25 | Bug fix | Remove unimplemented EKS rules from template |
| 0.0.24 | Enhancement | Updated release tag to beta |
| 0.0.23 | Bug fix | Fix rule id typo |
| 0.0.22 | Enhancement | Adjust findings data-stream mappings to fit ECS conventions |
| 0.0.22 | Enhancement | Turned off dynamic mappings of findings data-stream |
| 0.0.22 | Enhancement | Added default pipeline to findings data-stream |
| 0.0.21 | Enhancement | Update package display name |
| 0.0.20 | Enhancement | Remove Kibana configuration section from README |
| 0.0.19 | Enhancement | Adding EKS rule templates |
| 0.0.19 | Enhancement | Added date time field to index patterns |
| 0.0.19 | Enhancement | Update rule benchmark field to include an id |
| 0.0.18 | Enhancement | enhance integration to support eks |
| 0.0.17 | Enhancement | Refactored csp-rule-template metadata field to fit 8.4.0 schema |
| 0.0.16 | Enhancement | update resource id keyword mapping |
| 0.0.15 | Enhancement | update resource id mapping |
| 0.0.14 | Enhancement | Add mapping for rule id and resource id and revert Kibana version constrain |
| 0.0.13 | Enhancement | Update Kibana version constrain |
| 0.0.12 | Enhancement | Add new rule templates |
| 0.0.11 | Enhancement | Update elastic-agent deployment instructions |
| 0.0.10 | Enhancement | Update CSP rules configuration template |
| 0.0.9 | Enhancement | Update csp rule template |
| 0.0.8 | Enhancement | Send dataYaml (Rules Activation YAML) to cloudbeat |
| 0.0.7 | Enhancement | Add rule template assets |
| 0.0.6 | Enhancement | Update findings template asset |
| 0.0.5 | Enhancement | Add CSP rule template asset |
| 0.0.4 | Enhancement | Add latest findings data view |
| 0.0.3 | Enhancement | Change README |
| 0.0.2 | Enhancement | Change README |
| 0.0.1 | Enhancement | Initial draft of the package |