[DOCS] User Attestation for kubernetes installation with Endpoint #2456

qcorporation · 2022-09-14T14:23:18Z

For the 8.5 Release, we will release User Attestation for Endpoint installations in a Kubernetes cluster. The product impact and epic definition are outlined here:
https://github.com/elastic/security-team/issues/3798
[after reading the ticket]

Assumptions

With the 8.4 release, Elastic has public documentation on guiding the user to installing and setting up Endpoint within a Kubernetes cluster.

A new YAML file will be needed alongside the existing YAML. This new YAML file will include a new container within the pod called elastic-sec-identity. The location of the file should exist here: https://github.com/elastic/endpoint/tree/main/releases/8.5.0/kubernetes/deploy (doesn't exist right now)
A description of what is User Attestation and how does it benefit the infosec/devsecops user by having users identify enriched within process events
Step by step process of how to deploy the new yaml file (should be the same as the existing Endpoint k8s deployment
Document the index of Endpoint
Document the new fields populated with the new attestation fields
process.attested_group, process.attested_user.*
PR: Add attested user and groups to process ecs#2050

The text was updated successfully, but these errors were encountered:

qcorporation · 2022-09-14T14:37:17Z

qcorporation · 2022-09-14T20:16:39Z

@m-sample : Provide two YAML files, 1 as the base yaml and elastic-sec-identity will be additive to the base

benironside · 2022-10-25T20:28:34Z

Closing this for now since the feature has been pushed indefinitely

qcorporation self-assigned this Sep 14, 2022

qcorporation assigned benironside Sep 14, 2022

qcorporation added Team: Docs v8.5.0 Team:AWP Feature: Session View Feature: Kubernetes labels Sep 14, 2022

benironside removed the v8.5.0 label Oct 14, 2022

benironside closed this as completed Oct 25, 2022