[Cloud Posture] Introducing cspm (#4752)

elastic · Dec 4, 2022 · 00285f9 · 00285f9
1 parent c4b024d
commit 00285f9
Show file tree

Hide file tree

Showing 6 changed files with 207 additions and 24 deletions.
diff --git a/packages/cloud_security_posture/changelog.yml b/packages/cloud_security_posture/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+  changes:
+    - description: Introduce CSPM
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/4752
 - version: "1.0.8"
   changes:
     - description: Update screenshots and icon

diff --git a/packages/cloud_security_posture/data_stream/findings/agent/stream/aws.yml.hbs b/packages/cloud_security_posture/data_stream/findings/agent/stream/aws.yml.hbs
@@ -0,0 +1,32 @@
+fetchers:
+{{!-- @elastic/cloudbeat continue work from here --}}
+  - name: TBD
+processors:
+  - add_cluster_id: ~
+
+config:
+  v1:
+    posture: {{posture}}
+    deployment: {{deployment}}
+    benchmark: cis_aws
+    aws:
+      credentials:
+        {{#if access_key_id}}
+        access_key_id: {{access_key_id}}
+        {{/if}}
+        {{#if secret_access_key}}
+        secret_access_key: {{secret_access_key}}
+        {{/if}}
+        {{#if session_token}}
+        session_token: {{session_token}}
+        {{/if}}
+        {{#if shared_credential_file}}
+        shared_credential_file: {{shared_credential_file}}
+        {{/if}}
+        {{#if credential_profile_name}}
+        credential_profile_name: {{credential_profile_name}}
+        {{/if}}
+        {{#if role_arn}}
+        role_arn: {{role_arn}}
+        {{/if}}
+        type: {{aws.credentials.type}}
diff --git a/packages/cloud_security_posture/data_stream/findings/agent/stream/eks.yml.hbs b/packages/cloud_security_posture/data_stream/findings/agent/stream/eks.yml.hbs
@@ -1,5 +1,31 @@
-name: Findings
-# Defines how often an event is sent to the output
+config:
+  v1:
+    posture: {{posture}}
+    deployment: {{deployment}}
+    benchmark: cis_eks
+    aws:
+      credentials:
+        {{#if access_key_id}}
+        access_key_id: {{access_key_id}}
+        {{/if}}
+        {{#if secret_access_key}}
+        secret_access_key: {{secret_access_key}}
+        {{/if}}
+        {{#if session_token}}
+        session_token: {{session_token}}
+        {{/if}}
+        {{#if shared_credential_file}}
+        shared_credential_file: {{shared_credential_file}}
+        {{/if}}
+        {{#if credential_profile_name}}
+        credential_profile_name: {{credential_profile_name}}
+        {{/if}}
+        {{#if role_arn}}
+        role_arn: {{role_arn}}
+        {{/if}}
+        type: {{aws.credentials.type}}
+
+
 fetchers:
   - name: kube-api
   - name: process
@@ -19,6 +45,8 @@ processors:
   - add_cluster_id: ~
 
 
+{{!-- BACKWARD COMPATIBILITY cloudbeat 8.5 & 8.6 --}}
+
 runtime_cfg:
   activated_rules:
     cis_eks:

diff --git a/packages/cloud_security_posture/data_stream/findings/agent/stream/vanilla.yml.hbs b/packages/cloud_security_posture/data_stream/findings/agent/stream/vanilla.yml.hbs
@@ -1,5 +1,9 @@
-name: Findings
-# Defines how often an event is sent to the output
+config:
+  v1:
+    posture: {{posture}}
+    deployment: {{deployment}}
+    benchmark: cis_k8s
+
 fetchers:
   - name: kube-api
   - name: process
@@ -31,6 +35,8 @@ fetchers:
 processors:
   - add_cluster_id: ~
 
+{{!-- BACKWARD COMPATIBILITY cloudbeat 8.5 & 8.6 --}}
+
 runtime_cfg:
   activated_rules:
     cis_k8s:

diff --git a/packages/cloud_security_posture/data_stream/findings/manifest.yml b/packages/cloud_security_posture/data_stream/findings/manifest.yml
@@ -8,18 +8,13 @@ elasticsearch:
       dynamic: false
 streams:
   - input: cloudbeat/cis_k8s
-    title: K8s CIS Compliance
+    title: CIS Kubernetes Benchmark
+    description: CIS Benchmark for Kubernetes
     template_path: vanilla.yml.hbs
-    description: |
-      Check CIS Benchmark compliance
-      ###### Only a single benchmark can be enabled. Default is K8s CIS.
   - input: cloudbeat/cis_eks
-    enabled: false
+    title: Amazon EKS Benchmark
+    description: CIS Benchmark for Amazon Elastic Kubernetes Service (EKS)
     template_path: eks.yml.hbs
-    title: CIS Amazon EKS Compliance
-    description: |
-      Check CIS Amazon Benchmark compliance
-      ###### Only a single benchmark can be enabled. Default is K8s CIS.
     vars:
       - name: access_key_id
         type: text
@@ -58,4 +53,63 @@ streams:
         multi: false
         required: false
         show_user: false
-
+      - name: aws.credentials.type
+        type: text
+        title: Credential type
+        multi: false
+        required: false
+        show_user: false
+  - input: cloudbeat/cis_aws
+    title: CIS AWS Benchmark
+    description: CIS Benchmark for Amazon Web Services Foundations
+    template_path: aws.yml.hbs
+    vars:
+      - name: access_key_id
+        type: text
+        title: Access Key ID
+        multi: false
+        required: false
+        show_user: true
+      - name: secret_access_key
+        type: text
+        title: Secret Access Key
+        multi: false
+        required: false
+        show_user: true
+      - name: session_token
+        type: text
+        title: Session Token
+        multi: false
+        required: false
+        show_user: true
+      - name: shared_credential_file
+        type: text
+        title: Shared Credential File
+        multi: false
+        required: false
+        show_user: false
+        description: Directory of the shared credentials file
+      - name: credential_profile_name
+        type: text
+        title: Credential Profile Name
+        multi: false
+        required: false
+        show_user: false
+      - name: role_arn
+        type: text
+        title: ARN Role 
+        multi: false
+        required: false
+        show_user: false
+      - name: aws.credentials.type
+        type: text
+        title: Credential type
+        multi: false
+        required: false
+        show_user: false
+  - input: cloudbeat/cis_gcp
+    title: CIS GCP Benchmark
+    description: CIS Benchmark for Google Cloud Platform Foundation
+  - input: cloudbeat/cis_azure
+    title: CIS Azure Benchmark
+    description: CIS Benchmark for Microsoft Azure Foundations
diff --git a/packages/cloud_security_posture/manifest.yml b/packages/cloud_security_posture/manifest.yml
@@ -1,17 +1,21 @@
 format_version: 1.0.0
 name: cloud_security_posture
-title: "Kubernetes Security Posture Management (KSPM)"
-version: 1.0.8
+title: "Security Posture Management (CSPM/KSPM)"
+version: 1.1.0
 release: ga
 license: basic
-description: "Check Kubernetes cluster compliance with the Kubernetes CIS benchmark."
+description: "DO NOT USE MAIN TILE (WIP)"
 type: integration
 categories:
   - containers
   - kubernetes
   - security
+  - cloud
+  - aws
+  - azure
+  - google_cloud
 conditions:
-  kibana.version: "^8.6.0"
+  kibana.version: "^8.7.0"
 screenshots:
   - src: /img/dashboard.png
     title: Dashboard page
@@ -38,17 +42,71 @@ icons:
     title: CIS Kubernetes Benchmark logo
     size: 32x32
     type: image/svg+xml
+vars:
+  - name: posture
+    type: text
+    title: Posture type
+    multi: false
+    required: true
+    show_user: false
+    description: Chosen posture type (cspm/kspm)
+  - name: deployment
+    type: text
+    title: Deployment type
+    multi: false
+    required: true
+    show_user: false
+    description: Chosen deployment type (aws/gcp/azure/eks/k8s)
 policy_templates:
   - name: kspm
-    title: Kubernetes Security Posture Management
-    description: Check Kubernetes cluster compliance with the Kubernetes CIS benchmark.
+    title: KSPM
+    description: Measure Kubernetes compliance with hardening guidelines
     multiple: false
+    categories:
+      - containers
+      - kubernetes
+      - security
+    icons:
+      - src: /img/cis-kubernetes-benchmark-logo.svg
+        title: CIS Kubernetes Benchmark logo
+        size: 32x32
+        type: image/svg+xml
+    screenshots:
+      - src: /img/dashboard.png
+        title: Dashboard page
+        size: 1293x718
+        type: image/png
+    data_streams:
+      - findings
     inputs:
       - type: cloudbeat/cis_k8s
-        title: Enable CIS Kubernetes Benchmark
-        description: Collecting findings
+        title: CIS Kubernetes Benchmark
+        description: CIS Benchmark for Kubernetes
       - type: cloudbeat/cis_eks
-        title: Enable Amazon EKS Benchmark
-        description: Collecting findings
+        title: Amazon EKS Benchmark
+        description: CIS Benchmark for Amazon Elastic Kubernetes Service (EKS)
+  - name: cspm
+    title: CSPM
+    description: Measure cloud resource compliance with relevant hardening guidelines
+    categories:
+      - containers
+      - security
+      - cloud
+      - aws
+      - azure
+      - google_cloud
+    multiple: false
+    data_streams:
+      - findings
+    inputs:
+      - type: cloudbeat/cis_aws
+        title: Amazon Web Services
+        description: CIS Benchmark for Amazon Web Services Foundations
+      - type: cloudbeat/cis_gcp
+        title: GCP
+        description: CIS Benchmark for Google Cloud Platform Foundation
+      - type: cloudbeat/cis_azure
+        title: Azure
+        description: CIS Benchmark for Microsoft Azure Foundations
 owner:
   github: elastic/cloud-security-posture