
Add Kubernetes CIS Benchmark integration #2920

Closed
wants to merge 1,969 commits into from

Conversation

eyalkraft
Contributor

@eyalkraft eyalkraft commented Mar 30, 2022

What does this PR do?

Adds the initial version of the Kubernetes CIS Benchmark integration.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

Notes

  1. As described here, currently the package build fails as a result of it containing transforms. This is not a problem in the integration package (there are some packages with transforms already).

example

taken from here

➜  cis_kubernetes_benchmark git:(master) elastic-package build

Build the package
Error: building package failed: invalid content found in built package: found 1 validation error:
   1. item [transform] is not allowed in folder [/Users/eyalkraft/Workspace/elastic/integrations/build/integrations/cis_kubernetes_benchmark/0.0.3/elasticsearch]

  2. For the integration installation to work, the Cloud Security Posture Kibana plugin should be enabled.
     This is due to the fact that the transforms expect some existing indices - these indices are created by the plugin.
     Enabling the plugin is done by setting xpack.cloudSecurityPosture.enabled: true in kibana.yml. By default the plugin is disabled.
     This is documented in the integration doc.

example for installation attempt when the plugin isn't enabled


Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

adriansr and others added 30 commits January 26, 2022 11:16
Automated PR.

Upgrades rsa2elk package to ECS 8.0.0.
Automated PR.

Upgrades rsa2elk package to ECS 8.0.0.
Automated PR.

Upgrades rsa2elk package to ECS 8.0.0.
Automated PR.

Upgrades rsa2elk package to ECS 8.0.0.
Automated PR.

Upgrades rsa2elk package to ECS 8.0.0.
Automated PR.

Upgrades rsa2elk package to ECS 8.0.0.
Automated PR.

Upgrades rsa2elk package to ECS 8.0.0.
Automated PR.

Upgrades rsa2elk package to ECS 8.0.0.
Automated PR.

Upgrades rsa2elk package to ECS 8.0.0.
Automated PR.

Upgrades rsa2elk package to ECS 8.0.0.

Closes elastic#2425
Automated PR.

Upgrades rsa2elk package to ECS 8.0.0.

Includes manual changes to xg data stream from elastic#2441

Closes elastic#2441 

Co-authored-by: Sai Kiran <[email protected]>
* Schedule daily: test packages against 8.1

* Bump up 7.16 to 7.17
Mark tenable_sc as GA and bump to 1.0.0.
* Regenerate pipeline test events

* Remove event.ingested

* Use allowed geoip test IPs in test logs

* Use convert processor to set source/destination.ip

* Format MAC addresses per RFC 7042 and ECS

* Don't override event.{created,original} when reindexing

* Use triple braces in templates or set.copy_from

* Add changelog
…ic#2605)

* [Security Rules] Update security rules package to v1.0.0-dev.0
* Add changelog entry for 1.0.0-dev.0
* Update package version to 1.0.1
* Add missing job.name and cronjob.name meta fields

Signed-off-by: ChrsMark <[email protected]>

* Fix changelog

Signed-off-by: ChrsMark <[email protected]>
)

* fix: add missing fields for browser synthetics integration [fix elastic/kibana#123479]

* update browser mappings

* add screenshot_ref and duration mappings

* move browser fields to root

Co-authored-by: Dominique Clarke <[email protected]>
…lastic#2612)

* Add missing job and cronjob fields in container related metricsets

Signed-off-by: ChrsMark <[email protected]>

* Add PR number in changelog

Signed-off-by: ChrsMark <[email protected]>
…c#2615)

Bumps [github.com/elastic/elastic-package](https://github.com/elastic/elastic-package) from 0.34.1 to 0.35.0.
- [Release notes](https://github.com/elastic/elastic-package/releases)
- [Changelog](https://github.com/elastic/elastic-package/blob/main/.goreleaser.yml)
- [Commits](elastic/elastic-package@v0.34.1...v0.35.0)

---
updated-dependencies:
- dependency-name: github.com/elastic/elastic-package
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
P1llus and others added 23 commits March 24, 2022 14:28
* fixing typo in httpjson.yml.hbs

* Update changelog
elastic#2888)

* Extract potential host.domain and user.domain

* Bump version to 2.0.1

Bump version

* Update changelog.yml

* Fixes

Needed to use cisco.secure_endpoint.computer.hostname instead of host.name

* updating CI tests and adding some minor changes

* adding some small modifications to pipeline

* adding some small changes based on PR review

* update docs

Co-authored-by: Marius Iversen <[email protected]>
…c#2899)

Bumps [github.com/elastic/elastic-package](https://github.com/elastic/elastic-package) from 0.42.0 to 0.43.0.
- [Release notes](https://github.com/elastic/elastic-package/releases)
- [Changelog](https://github.com/elastic/elastic-package/blob/main/.goreleaser.yml)
- [Commits](elastic/elastic-package@v0.42.0...v0.43.0)

---
updated-dependencies:
- dependency-name: github.com/elastic/elastic-package
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Fix dns.id & network.iana_number field mappings.
Fix field mapping conflicts in threat.indicator.file.x509.not_before/not_after.
Fix field conflict for winlog.record_id.
Fix field mapping conflicts for checkpoint.icmp_type, checkpoint.icmp_code & checkpoint.email_recipients_num.
* adds ml_problem_child package

* add ml_module to problem child package

* ensure modules in right path. update query

* fix jobs configs

* move datafeeds into attributes

* update ingest pipeline name and update job configs

* remove hardcoded indices for datafeeds. update descriptions

* adds job groups and security rules

* update deprecated property and package manifest minimum version

* format files

* rename package folder. update logo

* fix encoding error

* update package name to match validation pattern. fix encoding in rule

* Add (experimental) to job descriptions

* update README with more asset info

* add license requirement to card and readme

* add asset context to readme

* update card title and description

* update overview config section with more instructions

* change back to basic license but add platinum subscription language and notice

* update codeowners file

* update codeowners and readme

* update owners in manifest

* ensure files formatted correctly

* update ml_module asset id to match filename

* rename problem_child directory to problemchild for consistency

* update ml module id to match filename

* fix module id
Add configuration for max_number_of_messages to the aws.firewall_logs S3 input.
Added `forwarded` tags for Azure logs.
* adds ml_dga package

* adds ml_problem_child package

* adds dga pipelines

* update license type requirement to platinum

* rename model files to model id

* fix dga pipeline

* remove problem child package. add module to dga package

* adds security rules to dga package

* update minimum version requirement and deprecated model property

* format json files

* update icon. add groups to ad job

* rename directory

* update pipeline description

* update readme with asset info

* add license requirement to card and readme

* add asset context to readme

* add updated subscription language and update codeowners file

* update readme and add security tag

* fix ml-module file id
Fix event.* field mappings and conflicts.
* append a newline character to the last line of the log 
  enabling filebeat log input multiline reader to pass the entire
  block to the pipeline.
@cla-checker-service

❌ Author of the following commits did not sign a Contributor Agreement:
6465e56, 474e812

Please read and sign the above-mentioned agreement if you want to contribute to this project.

@elasticmachine

elasticmachine commented Mar 30, 2022

💔 Build Failed


Build stats

  • Start Time: 2022-03-30T12:39:45.902+0000

  • Duration: 4 min 31 sec

Steps errors 2


Checks and builds Go sources
  • Took 0 min 14 sec.
  • Description: mage -debug check
Google Storage Download
  • Took 0 min 0 sec.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.
