This guide presents a catalog of security-relevant configuration settings for Red Hat OpenShift Container Platform 4. It is a rendering of content structured in the eXtensible Configuration Checklist Description Format (XCCDF)

Is available in the scap-security-guide package which is developed at

Providing system administrators with such guidance informs them how to securely configure systems under their control in a variety of network roles. Makers and baseline creators can use this catalog of settings, with its associated references to higher-level security control catalogs, in order to assist them in security baseline creation. This guide is a catalog, not a checklist, and satisfaction of every item is not likely to be possible or

Granular selection and adjustment of settings, and their association with OVAL and OCIL content provides an automated checking capability. This document, and its associated automated checking content, are capable of providing baselines that meet a diverse set of policy objectives. XCCDF Profiles, which are selections of items that form checklists and can be used as baselines, are available with this guide.

Processed, in an automated fashion, with tools that support the Security Content Automation Protocol (SCAP). The NIST National Checklist Program (NCP), which provides required settings for the United States Government, is one example of a baseline created from this guidance.

CloudGuard Workload Protection - Kubernetes Posture Management

When you onboard a Kubernetes cluster to CloudGuard, it immediately starts to apply Posture Management rules to the cluster. (Kubernetes, often abbreviated as “K8s”, orchestrates containerized applications to run on a cluster of hosts.) It can examine your clusters deployed at various cloud providers, as well as clusters located on premises.

For more details on CloudGuard CSPM, see Cloud Security Posture Management. See Onboarding Kubernetes Clusters for details on how to onboard the clusters.

To examine your Kubernetes clusters, CloudGuard uses rulesets as for all other onboarded environments. For your posture management, you can use general or vendor-specific rulesets.

Best Practice - Check Point recommends using rulesets developed for dedicated cloud providers:

- For EKS clusters, apply the CIS Amazon Elastic Kubernetes Service (EKS) Benchmark ruleset. (Amazon Elastic Kubernetes Service (Amazon EKS) is a managed Kubernetes service that makes it easy for you to run Kubernetes on AWS and on-premises.)
- For GKE clusters, apply the CIS Google Kubernetes Engine (GKE) Benchmark ruleset
- For Microsoft AKS clusters, apply the CIS Microsoft Kubernetes Engine (AKS) Benchmark ruleset
- For OpenShift clusters, apply the CIS OpenShift Container Platform Benchmark ruleset
- For other platforms, use the latest CIS Kubernetes Benchmark and Kubernetes CloudGuard Best Practices rulesets.

All available rulesets are shown on the Posture Management > Policy > Rulesets page. Filter the list for Platform: Kubernetes and Type: CloudGuard Managed.

For more information on CloudGuard rulesets, see Rules and Rulesets.

The CloudGuard Compliance engine generates Kubernetes posture findings that show on the Events > Posture Findings page. For more details, see Posture Findings and Security Events.

To send email notifications on findings filtered by Kubernetes labels, see Configuring Notifications by Tags/Labels.

For Kubernetes terminology, see the Glossary in the Kubernetes documentation.