This issue is about extending the OCSF schema with a Kubernetes mapping. The extension should be provided as a separate extension, like the current Windows and Linux ones.
After data analysis, the topology copies the K8s API: the objects are split by type (workload, cluster resources, etc.) with common shared objects. Each object leads to an asset, and usage is via discovery classes. The hierarchy is defined bottom-up.
The basic elements defined by this issue:
Cluster - the root element, object k8s_cluster - used by K8s Cluster Inventory Info
Workload - object of type k8s_workload - used by K8s Workload Inventory Info
Cluster resource - k8s_cluster_resource - used by K8s Cluster resource Inventory Info
Container - k8s_container - used by K8s Container Inventory Info
Common structure:
Inventory classes - extension of discovery
K8s elements - basic fields + common shared objects like k8s_metada, status, annotations, etc.
Cluster Overview:
Discovery Overview:
Workload Overview:
Cluster resource:
Container overview: