Add Kubernetes CIS Benchmark integration #2930

Merged
merged 85 commits into from
Apr 11, 2022

@eyalkraft eyalkraft commented Mar 30, 2022

What does this PR do?

Adds the initial version of the Kubernetes CIS Benchmark integration.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Notes

  1. As described here currently the package build fails as a result of it containing transforms. This is not a problem in the integration package (there are some packages with transform already - endpoint for example).
example

taken from here

➜  cis_kubernetes_benchmark git:(master) elastic-package build


Build the package
Error: building package failed: invalid content found in built package: found 1 validation error:
   1. item [transform] is not allowed in folder [/Users/eyalkraft/Workspace/elastic/integrations/build/integrations/cis_kubernetes_benchmark/0.0.3/elasticsearch]
  2. For the integration installation to work the Cloud Security Posture Kibana plugin should be enabled.
    This is due to the fact that the transforms expect some existing indices - these indices are created by the plugin.
    Enabling the plugin is done by setting xpack.cloudSecurityPosture.enabled: true in kibana.yml. By default the plugin is disabled.
    This is documented in the integration doc.
example for installation attempt when the plugin isn't enabled

image

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

DaveSys911 and others added 30 commits December 23, 2021 15:15
* initial package info

* Make kubebeat work with integration inputs

* working integration v1(ILM issue exists in bit)

* fixed files

Co-authored-by: Aleksandr Maus <aleksandr.maus@elastic.co>
update index pattern according to cloudbeat change
@eyalkraft
Contributor Author

  1. The plugin is safe! I will open a PR to elastic-package.

@eyalkraft
Contributor Author

  1. have another attempt at fixing the commits for the CLA

CLA problem solved by signing

@mtojek
Contributor

mtojek commented Mar 31, 2022

Based on the discussion in elastic/elastic-package#767, it looks like this is a blocker for this issue.

/packages/zscaler_zpa @elastic/security-external-integrations
/packages/cis_kubernetes_benchmark @elastic/cloud-posture-security
Contributor

Could you please place it accordingly in the alphanum? order?

Contributor Author

Done

title: "Findings"
type: logs
streams:
- input: cloudbeat
Contributor

Release version bump here: #3003

@eyalkraft eyalkraft marked this pull request as ready for review April 7, 2022 13:09
@eyalkraft eyalkraft requested a review from a team as a code owner April 7, 2022 13:09
Contributor

@mtojek mtojek left a comment

CODEOWNERS LGTM

@eyalkraft eyalkraft merged commit ff96a82 into elastic:main Apr 11, 2022
@kfirpeled kfirpeled deleted the initial-merge-cis-benchmark branch April 14, 2022 18:49
@andrewkroh andrewkroh added the New Integration Issue or pull request for creating a new integration package. label Aug 13, 2024