Cis k8s name migration (#3113)

Co-authored-by: eyalkraft <[email protected]>

.github/CODEOWNERS

@@ -40,6 +40,7 @@
 /packages/cisco_nexus @elastic/security-external-integrations
 /packages/cisco_secure_endpoint @elastic/security-external-integrations
 /packages/cisco_umbrella @elastic/security-external-integrations
+/packages/cloud_security_posture @elastic/cloud-security-posture
 /packages/cloudflare @elastic/security-external-integrations
 /packages/cockroachdb @elastic/integrations
 /packages/containerd @elastic/obs-cloudnative-monitoring

packages/cis_kubernetes_benchmark/manifest.yml

@@ -1,6 +1,6 @@
 format_version: 1.0.0
 name: cis_kubernetes_benchmark
-title: "CIS Kubernetes Benchmark"
+title: "CIS Kubernetes Benchmark - deprecated"
 version: 0.0.1
 license: basic
 description: "Check Kubernetes cluster compliance with the Kubernetes CIS benchmark."

packages/cloud_security_posture/changelog.yml

@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: "0.0.1"
+  changes:
+    - description: Initial draft of the package
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3113

packages/cloud_security_posture/data_stream/findings/agent/stream/stream.yml.hbs

@@ -0,0 +1,2 @@
+processors:
+  - add_cluster_id: ~

packages/cloud_security_posture/data_stream/findings/fields/base-fields.yml

@@ -0,0 +1,12 @@
+- name: data_stream.type
+  type: constant_keyword
+  description: Data stream type.
+- name: data_stream.dataset
+  type: constant_keyword
+  description: Data stream dataset.
+- name: data_stream.namespace
+  type: constant_keyword
+  description: Data stream namespace.
+- name: '@timestamp'
+  type: date
+  description: Event timestamp.

packages/cloud_security_posture/data_stream/findings/fields/findings.yml

@@ -0,0 +1,81 @@
+- name: cycle_id
+  type: text
+  multi_fields:
+    - name: keyword
+      type: keyword
+      ignore_above: 1024
+- name: type
+  type: text
+  multi_fields:
+    - name: keyword
+      type: keyword
+      ignore_above: 1024
+- name: resource_id
+  type: text
+  multi_fields:
+    - name: keyword
+      type: keyword
+      ignore_above: 1024
+- name: cluster_id
+  type: text
+  multi_fields:
+    - name: keyword
+      type: keyword
+      ignore_above: 1024
+- name: agent
+  type: group
+  fields:
+    - name: id
+      type: text
+      description: Agent ID
+      multi_fields:
+        - name: keyword
+          type: keyword
+          ignore_above: 1024
+- name: resource
+  type: group
+  fields:
+    - name: type
+      type: text
+      description: Source type of the resource
+      multi_fields:
+        - name: keyword
+          type: keyword
+          ignore_above: 1024
+    - name: filename
+      type: text
+      description: Resource filename
+      multi_fields:
+        - name: keyword
+          type: keyword
+          ignore_above: 1024
+- name: rule
+  type: group
+  fields:
+    - name: name
+      type: keyword
+      description: Rule name
+      multi_fields:
+        - name: keyword
+          type: keyword
+          ignore_above: 1024
+    - name: benchmark
+      type: group
+      fields:
+        - name: name
+          type: text
+          description: Benchmark name
+          multi_fields:
+            - name: keyword
+              type: keyword
+              ignore_above: 1024
+- name: result
+  type: group
+  fields:
+    - name: evaluation
+      type: text
+      description: Rule result
+      multi_fields:
+        - name: keyword
+          type: keyword
+          ignore_above: 1024

packages/cloud_security_posture/data_stream/findings/manifest.yml

@@ -0,0 +1,6 @@
+title: "Findings"
+type: logs
+streams:
+  - input: cloudbeat
+    title: K8s CIS Compliance
+    description: Check CIS Benchmark compliance

packages/cloud_security_posture/docs/README.md

@@ -0,0 +1,28 @@
+# CIS Kubernetes Benchmark
+
+This integration compares [Kubernetes](https://kubernetes.io/) configuration against CIS benchmark checks. It computes a score that ranges between 0 - 100. This integration requires access to node files, node processes, and the Kuberenetes api-server therefore it assumes the agent will be installed as a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) with the proper [Roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole) and [RoleBindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) attached.
+
+See agent [installation instructions](https://www.elastic.co/guide/en/fleet/current/running-on-kubernetes-managed-by-fleet.html).
+
+Additionally, In order for the integration to be installed, The Cloud Security Posture Kibana plugin must be enabled.
+
+This could be done by adding the following configuration line to `kibana.yml`:
+```
+xpack.cloudSecurityPosture.enabled: true
+```
+
+## Leader election
+
+To collect cluster level data (compared to node level information) the integration makes use of the [leader election](https://www.elastic.co/guide/en/fleet/master/kubernetes_leaderelection-provider.html) mechanism.
+This mechanism assures that the cluster level data is collected by only one of the agents running as aprt of the DeamonSet and not by all of them.
+
+Cluster level data example: List of the running pods.
+Node level data examle: kubelet configuration.
+
+## Compatibility
+
+The Kubernetes package is tested with Kubernetes 1.21.x
+
+## Dashboard
+
+CIS Kubernetes Benchmark integration is shipped including default dashboards and screens to manage the benchmark rules and inspect the compliance score and findings.

packages/cloud_security_posture/kibana/index_pattern/cloud_security_posture-9129a080-7f48-11ec-8249-431333f83c5f.json

@@ -0,0 +1,14 @@
+{
+    "attributes": {
+        "description": "",
+        "title": "logs-cloud_security_posture.findings-*"
+    },
+    "coreMigrationVersion": "8.1.0",
+    "id": "cloud_security_posture-9129a080-7f48-11ec-8249-431333f83c5f",
+    "migrationVersion": {
+        "index-pattern": "8.0.0"
+    },
+    "type": "index-pattern",
+    "updated_at": "2022-01-27T08:10:19.277Z",
+    "version": "WzMwNDY5LDFd"
+}

packages/cloud_security_posture/manifest.yml

@@ -0,0 +1,57 @@
+format_version: 1.0.0
+name: cloud_security_posture
+title: "CIS Kubernetes Benchmark"
+version: 0.0.1
+license: basic
+description: "Check Kubernetes cluster compliance with the Kubernetes CIS benchmark."
+type: integration
+categories:
+  - containers
+  - kubernetes
+release: experimental
+conditions:
+  kibana.version: "^8.3.0"
+screenshots:
+  - src: /img/dashboard.png
+    title: Dashboard page
+    size: 1293x718
+    type: image/png
+  - src: /img/findings.png
+    title: Findings page
+    size: 3134x1740
+    type: image/png
+  - src: /img/findings-flyout.png
+    title: Detailed view of a single finding
+    size: 3176x1748
+    type: image/png
+  - src: /img/benchmarks.png
+    title: Benchmarks page
+    size: 3168x1752
+    type: image/png
+  - src: /img/rules.png
+    title: Rules page
+    size: 3160x1708
+    type: image/png
+icons:
+  - src: /img/cis-kubernetes-benchmark-logo.svg
+    title: CIS Kubernetes Benchmark logo
+    size: 32x32
+    type: image/svg+xml
+policy_templates:
+  - name: kspm
+    title: CIS Kubernetes Benchmark
+    description: Check Kubernetes cluster compliance with the Kubernetes CIS benchmark.
+    multiple: false
+    inputs:
+      - type: cloudbeat
+        title: Enable CIS Kubernetes Benchmark
+        description: Collecting findings
+vars:
+  - name: dataYaml
+    type: yaml
+    title: Rules Activation Yaml
+    multi: false
+    required: false
+    show_user: false
+owner:
+  github: elastic/cloud-security-posture