Cloud security posture management

edit

Cloud security posture management

edit

This feature requires Elastic Stack version 8.3.0 or later.

Cloud security posture management (CSPM) and Kubernetes security posture management (KSPM) continuously monitor and compare your cloud and Kubernetes infrastructure against security best practices to help you identify and remediate misconfigurations.

The steps to enable this feature differ between Elastic Cloud and self-hosted deployments.

Enable KSPM for cloud deployments

edit
  1. First, enable the KSPM flag for your deployment:

    1. From Kibana, open the main menu and click Manage this deployment.

      The Manage deployment button
    2. Under My deployment, select Kibana.
    3. Under Instances, click the three-dot menu next to your instance, then click Edit configuration.
    4. Click Edit user settings in the upper-right of the page.
    5. Add xpack.cloudSecurityPosture.enabled: true to the user settings.
    6. Click Back, then save your Kibana user settings.

      It may take up to two minutes for the changes to take effect.

  2. Return to Kibana. From the main menu, go to SecurityCloud Security.

    The Cloud Security button on the main menu
  3. Follow the prompts to set up data ingestion.

Enable KSPM for self-hosted deployments

edit
  1. Edit the kibana.yml file (typically found at /config/kibana.yml) to include xpack.cloudSecurityPosture.enabled: true.
  2. Return to Kibana. From the main menu, go to SecurityCloud Security.

    The Cloud Security button on the main menu
  3. Follow the prompts to set up data ingestion.