Kubernetes extension - the initial shape

[PavelJurka]

This issue is about to extend OCSF schema by Kubernetes mapping. The extension should be provided as a separated extension like the current Windows and Linux.

After data analyses the topology copies K8s API - the objects are split by type (workload, cluster resources etc.) with common shared object. Each objects leads to asset and usage is via discovery classes. The hierarchy is defined as bottom-up.

The basic elements defined by this issue:

• Cluster - the root element object k8s_cluster - used by **K8s Cluster Inventory Info **
• Workload - object of type k8s_workload - used by - K8s Workload Inventory Info
• Cluster resource - k8s_cluster_resource used by K8s Cluster resource Inventory Info
• Container - k8s_container used by K8s Container Inventory Info

Common structure:

Inventory classes

• extension of discovery

K8s elements

• basic fields + common shared objects like **k8s_metada, status, annotations ect... **
• enumeration defines a type of it

Cluster Overview:

Discovery Overview:

Workload Overview:

Cluster resource:

Container overview: