diff --git a/docs/images/graph-model.drawio.png b/docs/images/graph-model.drawio.png new file mode 100644 index 000000000..2f7222d3f Binary files /dev/null and b/docs/images/graph-model.drawio.png differ diff --git a/docs/reference/attacks/CE_PRIV_MOUNT.md b/docs/reference/attacks/CE_PRIV_MOUNT.md index f1ef17557..deb414112 100644 --- a/docs/reference/attacks/CE_PRIV_MOUNT.md +++ b/docs/reference/attacks/CE_PRIV_MOUNT.md @@ -59,14 +59,14 @@ mount /dev/vda1 /mnt/hostfs ls -lah /mnt/hostfs/ ``` -With the disk now writeable from the container, follow the steps in [EXPLOIT_HOST_WRITE](./EXPLOIT_HOST_WRITE.md#Exploitation). +With the disk now writeable from the container, follow the steps in [EXPLOIT_HOST_WRITE](./EXPLOIT_HOST_WRITE.md#exploitation). ## Defences ### Monitoring + Monitor `mount` events originating from containers -+ See [EXPLOIT_HOST_WRITE](./EXPLOIT_HOST_WRITE.md#Defences) ++ See [EXPLOIT_HOST_WRITE](./EXPLOIT_HOST_WRITE.md#defences) ### Implement security policies diff --git a/docs/reference/entities/index.md b/docs/reference/entities/index.md index aeb14b837..b380693f5 100644 --- a/docs/reference/entities/index.md +++ b/docs/reference/entities/index.md @@ -7,6 +7,8 @@ hide: Tne entities represents all the vertices in KubeHound graph model. Those are an abstract representation of a Kubernetes component that form the vertices of the graph. +## Entities + !!! note For instance: [PERMISSION_SET](./permissionset.md) is an abstract of Role and RoleBinding. diff --git a/docs/reference/graph.schema.json b/docs/reference/graph/graph.schema.json similarity index 100% rename from docs/reference/graph.schema.json rename to docs/reference/graph/graph.schema.json diff --git a/docs/reference/graph.yaml b/docs/reference/graph/graph.yaml similarity index 100% rename from docs/reference/graph.yaml rename to docs/reference/graph/graph.yaml diff --git a/docs/reference/graph/index.md b/docs/reference/graph/index.md new file mode 100644 index 000000000..5a8b36cf9 
--- /dev/null +++ b/docs/reference/graph/index.md @@ -0,0 +1,21 @@ +--- +hide: + - toc +--- + +# Reference + +## Graph model + +In the diagram below, you can see how the KubeHound graph model organizes entities +as nodes and attack paths as the edges that connect them. This structure not only +makes it easier to visualize the attack surface but also powers Gremlin queries +to actively explore and analyze security weaknesses across your Kubernetes +infrastructure. + +![Graph Model](../../images/graph-model.drawio.png) + +## Graph Database + +- [JanusGraph schema](https://github.com/DataDog/KubeHound/blob/main/deployments/kubehound/graph/kubehound-db-init.groovy) +- [Programmatically parsable schema](graph.yaml) diff --git a/docs/references.md b/docs/references.md index 04c8b7319..bf3dba03d 100644 --- a/docs/references.md +++ b/docs/references.md @@ -16,7 +16,7 @@ Updated version of the Pass The Salt Workshop. Prerequisites are listed on [kube ### [KubeHound: Identifying attack paths in Kubernetes clusters at scale with no hustle](https://pretalx.com/hack-lu-2024/talk/HWDZGZ/) -[Recording :fontawesome-brands-youtube:{ .youtube } ](https://www.youtube.com/watch?v=h-dD7PQC4NA){ .md-button .md-button--youtube } [Slides :fontawesome-solid-file-pdf:{ .pdf } ](files/hacklu24/Kubehound-HackLu24-slides.pdf){ .md-button } +[Recording :fontawesome-brands-youtube:{ .youtube } ](https://www.youtube.com/watch?v=h-dD7PQC4NA){ .md-button .md-button--youtube } [Slides :fontawesome-solid-file-pdf:{ .pdf } ](files/hacklu24/Kubehound-HackLu2024-slides.pdf){ .md-button } This presentation explains the genesis behind the tool and a brief introduction to what Kubernetes security is. We showcase the three main usage for KubeHound: diff --git a/docs/terminology.md b/docs/terminology.md index d0d2ec5b8..e47a7faf3 100644 --- a/docs/terminology.md +++ b/docs/terminology.md 
@@ -24,4 +24,4 @@ All edges in the KubeHound graph represent a net "improvement" in an attacker's **Critical Asset** -An entity in KubeHound whose compromise would result in cluster admin (or equivalent) level access. \ No newline at end of file +An entity in KubeHound whose compromise would result in cluster admin (or equivalent) level access. diff --git a/docs/user-guide/getting-started.md b/docs/user-guide/getting-started.md index caae21c2e..c925c86d5 100644 --- a/docs/user-guide/getting-started.md +++ b/docs/user-guide/getting-started.md @@ -122,6 +122,10 @@ We also provide a showcase [Jupyter Notebook](https://github.com/DataDog/KubeHou ## Visualize and query the KubeHound data +!!! note + + You can find the visual representation of the KubeHound graph model [here](../reference/graph/index.md). + Once the data is loaded in the graph database, it's time to visualize and query it! You can explore it interactively in your graph client. Then, refer to KubeHound's [query library](../queries/index.md) to start asking questions to your data. diff --git a/mkdocs.yml b/mkdocs.yml index 80645fb5d..3e393e96f 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -97,6 +97,7 @@ nav: - Wiki: dev-guide/wiki.md - Datadog setup: dev-guide/datadog.md - Attack Techniques Reference: + - Graph: reference/graph/index.md - ... |reference/*/*.md #- Attacks: reference/attacks/index.md #- Entities: reference/entities/index.md
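Review bot: lowercasing the `#exploitation` and `#defences` anchors in docs/reference/attacks/CE_PRIV_MOUNT.md is the right fix, since the toc extension slugifies heading anchors to lowercase, but the same capitalised anchor style is likely to exist in the other attack pages that cross-link to EXPLOIT_HOST_WRITE and its siblings; a grep for `.md#[A-Z]` under docs/reference/attacks would let this PR fix all of them in one pass instead of one file.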
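Review bot: the context line directly above the new `## Entities` heading in docs/reference/entities/index.md still reads "Tne entities represents all the vertices in KubeHound graph model"; since this hunk already touches that paragraph, fix the typo and agreement at the same time ("The entities represent all the vertices in the KubeHound graph model."). Also check the placement of the heading: the `!!! note` that follows it ("For instance: PERMISSION_SET is an abstract of Role and RoleBinding") is an example for the introductory paragraph, and inserting the heading between them separates the example from the sentence it illustrates; placing `## Entities` above the paragraph keeps them together.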
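Review bot: the renames of docs/reference/graph.schema.json and docs/reference/graph.yaml into docs/reference/graph/ are not accompanied by updates to any other page or script that may reference the old paths; the only new link in this diff is the relative `graph.yaml` link from the new index.md. Grep the docs tree and any tooling that loads `reference/graph.yaml` for the old location before merging, because mkdocs reports a broken relative link only as a warning unless `strict` is enabled.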
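Review bot: the new page docs/reference/graph/index.md uses `# Reference` as its H1, while the nav entry this diff adds in mkdocs.yml labels the same page `Graph` and the admonition added to getting-started.md describes it as "the visual representation of the KubeHound graph model"; a title such as `# Graph model` would be consistent with both. In the `## Graph Database` section, graph.yaml is linked but graph.schema.json, which this diff moves into the same directory, is not; if the JSON schema is meant to be discoverable from the docs, link it here as well.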
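Review bot: the slides link in docs/references.md is changed from Kubehound-HackLu24-slides.pdf to Kubehound-HackLu2024-slides.pdf, but the diff contains no rename of the file under docs/files/hacklu24/, so confirm that the PDF actually has the new name in the repository, otherwise this swaps one broken link for another. While this paragraph is being edited, the context line "We showcase the three main usage for KubeHound" should read "the three main use cases for KubeHound".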
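Review bot: the admonition added to docs/user-guide/getting-started.md uses "here" as its link text; descriptive link text such as "the KubeHound graph model reference" reads better and is friendlier to screen readers and search. The relative path `../reference/graph/index.md` resolves correctly from docs/user-guide/.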
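Review bot: the new `- Graph: reference/graph/index.md` entry in mkdocs.yml sits under the `Attack Techniques Reference` section, whose title no longer describes its contents once the graph model and entities pages live there; consider renaming the section (for example to `Reference`, matching the page H1 in this diff) or giving the graph page its own top-level entry. Also confirm in the rendered nav that the awesome-pages `- ... | reference/*/*.md` glob on the next line does not produce a second entry for reference/graph/index.md; the plugin is expected to skip pages listed explicitly, but the two commented-out `#- Attacks` / `#- Entities` lines suggest that ordering in this section has been fiddly before.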