Cis k8s name migration

[kfirpeled]

What does this PR do?

This pr is part of a larger change to rename the current integration of cis_kubernetes_benchmark to cloud_security_posture as it will contain more benchmarks in the future and should have a proper naming.
A followup PR will be to remove the cis_kubernetes_benchmark package once all code base in the different repos will be aligned to the new naming

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

• [ ]

How to test this PR locally

Related issues

Screenshots

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2022-04-17T15:09:42.715+0000

• Duration: 13 min 36 sec

Test stats 🧪

Test	Results
Failed	0
Passed	2
Skipped	0
Total	2

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[eyalkraft]

Maybe a rename is possible instead of this duplication - the package only exists in snapshot environment.
Maybe @mtojek can tell us more.

Additionally I think it's a wrong name for this integration package that we will have to refactor again.
cloud_security_posture is too general - we only do KSPM currently, and expecting that all our future products will be packed in a single integration package is wrong IMO and could create future complications.

[amitkanfer]

and expecting that all our future products will be packed in a single integration package is wrong IMO and could create future complications.

@eyalkraft why do you think it's wrong?
What do you think is the right way to go?

[kfirpeled]

Maybe a rename is possible instead of this duplication - the package only exists in snapshot environment.

I don't want to rename before we update kibana, cloudbeat and the automation (not 100% sure about that automation needs to be updated) to use the new name. As it can cause breaking changes. therefore I duplicate it as a migration phase.

[eyalkraft]

I don't think it's inherently wrong but it has some implications.
For example every user gets all of our rule templates so we need some logic in Kibana to only create the relevant concrete rules for the specific benchmark the user wants.
We just need to understand the full implications and open the relevant issues.

[kfirpeled]

I don't think it's inherently wrong but it has some implications. For example every user gets all of our rule templates so we need some logic in Kibana to only create the relevant concrete rules for the specific benchmark the user wants. We just need to understand the full implications and open the relevant issues.

this is on point, the rule templates will all be saved (which i think is ok), but we will need to distinguish between policy_templates. which I named as kspm. so this should be added on our hook.
I'll go and investigate it rn

[kfirpeled]

@eyalkraft, @amitkanfer I've tested it, and we can distinguish between different tiles being installed.

This is the test I've taken:

format_version: 1.0.0
name: cloud_security_posture
-title: "CIS Kubernetes Benchmark"
+title: "CIS Security Posture"
policy_templates:
  - name: kspm
    title: CIS Kubernetes Benchmark
    description: Check Kubernetes cluster compliance with the Kubernetes CIS benchmark.
    multiple: false
    inputs:
      - type: cloudbeat
        title: Enable CIS Kubernetes Benchmark
        description: Collecting findings
+  - name: cspm
+    title: CIS Cloud Benchmark
+    description: testing third tile
+    multiple: false
+    inputs:
+      - type: cloudbeat
+        title: Enable CIS Cloud Benchmark
+        description: Collecting findings

And I examined it during debug and you can see different inputs and their enabled status:

[eyalkraft]

Nice, so I think in this case in order to keep our kibana plugin free from strings representing the names of our benchmarks we would want to add a field for our rule templates to indicate which policy template(s?) they belong to.

[oren-zohar]

Suggested change

	"title": "logs-cloud_security_posture.findings-*"
	"title": "logs-cloud_security_posture.findings*"

@kfirpeled I know it's already merged, but since the current findings index is logs-cloud_security_posture.findings_latest-default this data view didn't catch it 😢

[ari-aviran]

@oren-zohar This is on purpose, we'll move the findings_latest index in a different PR