discovery-engine issues

Security fixes for knoxAutoPolicy

- [ ] do not skip TLS cert check ... cluster-mgmt server is using self-signed-cert and thus the checks are failing for HTTP client in knoxautopolicy. Currently we are skipping...

nyrahul

Support discovering system policy according to the drop reason

Basically, knoxAutoPolicy discovers the system policy based on the system log/alert. Also, we need to support the functionality that can discover the system policy from the dropped system log as...

seungsoo-lee

PolicyDiscovery

Support system policy discovery from the system alert events

1

As of now, if at least 1 kubeArmorPolicy applied, KubeArmor doesn't generate the system logs anymore. Rather, it generates the system alert events. Thus, we need to discover the system...

seungsoo-lee

PolicyDiscovery

Update Document

Update github document for system policy discovery parts

seungsoo-lee

documentation

PolicyDiscovery

Performance test with L7 visibility

1

Performance test with Cilium L7 visibility base (no L7 visibility) HTTP visibility will be tested by Apache Bench

seungsoo-lee

PolicyDiscovery

discovery-engine
discovery-engine copied to clipboard

Metadata

Security fixes for knoxAutoPolicy

Support discovering system policy according to the drop reason

Support system policy discovery from the system alert events

Update Document

Performance test with L7 visibility

Target PodSecurityPolicy and auto-discover PSPs

Use-cases: NSA K8s-hardening-guidelines document

Confidence factor as part of discovered policy

Configuration of aggregation logic threshold

Capability system policy discovery

← Metadata

Owner

Metadata

discovery-engine discovery-engine copied to clipboard

Metadata

← Metadata

Owner

Metadata

discovery-engine
discovery-engine copied to clipboard