discovery-engine
discovery-engine copied to clipboard
accuknox
Discover least permissive security posture, Network Microsegmentation, and Application behaviour based on visibility/observability data emitted from policy engines..
**Description** Add support for generating lenient policies protecting sensitive assets (mount points here) **Problem** Currently we were discovering least-permissive security policies using Discovery Engine. Ideally these policies were designed to...
currently there's only yaml manifest is available to deploy the DiscoveredPolicy (dsp) controller and CRD itself. we need to update helm charts to include dsp controller deployment.
Scenario: DE is started with KubeArmor enabled but KubeArmor is not installed. In this case, the DE goes into CrashLoopBackOff. ``` 8:05PM INF usr/src/knox/src/libs/common.go:76 > BUILD-INFO: commit:ce80984, branch: dev, date:...
```yaml - apiGroups: ["*"] resources: ["pods", "services", "deployments", "endpoints", "namespaces", "nodes","replicasets", "statefulsets", "daemonsets", "secrets"] verbs: ["get", "list", "watch","create", "update", "delete"] ``` analyze and use only required permissions for each resource...
**Purpose of PR?**: Test aggrgation logic **Does this PR introduce a breaking change?** No **Checklist:** - [x] New feature (non-breaking change which adds functionality) - [x] PR Title follows the...
Unable to deploy discovery-engine using the current helm charts provided in the root folder. The helm install command throws the following error message ``` Error: INSTALLATION FAILED: ClusterRoleBinding.rbac.authorization.k8s.io "discovery-engine-role-binding" is...
### **Problem Statement** The latest Discovery Engine generates summary information for a pod, stores it in a database, and pushes the same information to the publisher. The table structure has...
**Description** The current discovered security policies are not usable. It's because we are discovering least-permissive policies (for zero trust) by default and if the discovered policy miss any important binary,...
My environment: - Kubernetes 1.23.17 - containerd 1.6.18 - Cilium 1.13.0 - KubeArmor 0.9 - Discovery Engine 0.8 I used [Google's Online boutique](https://github.com/GoogleCloudPlatform/microservices-demo) microservice application to see how the discovery...
