This issue is about extending the OCSF schema with a Kubernetes mapping. The extension should be provided as a separate extension, like the current Windows and Linux ones.
After data analysis, the topology copies the K8s API: the objects are split by type (workload, cluster resources, etc.) with a common shared object. Each object leads to an asset, and usage is via discovery classes. The hierarchy is defined bottom-up.
The basic elements defined by this issue:
Cluster - the root element object k8s_cluster - used by K8s Cluster Inventory Info
Workload - object of type k8s_workload - used by K8s Workload Inventory Info
Cluster resource - k8s_cluster_resource used by K8s Cluster resource Inventory Info
Container - k8s_container used by K8s Container Inventory Info
Common structure:
Inventory classes
extension of discovery
K8s elements
basic fields + common shared objects like k8s_metada, status, annotations, etc.
enumeration defines a type of it
Delete once you have confirmed the following:
TBD
Did you add a single line summary of changes to Unreleased section in the CHANGELOG.md file?
Related Issue:
https://github.com/ocsf/ocsf-schema/issues/1131