elastic · benironside · Apr 2, 2025 · Mar 24, 2025 · Mar 24, 2025 · Mar 25, 2025
@@ -0,0 +1,45 @@
+
+The Benchmarks page lets you view the cloud security posture (CSP) benchmark rules for the [Cloud security posture management](/solutions/security/cloud/cloud-security-posture-management.md) (CSPM) and [Kubernetes security posture management](/solutions/security/cloud/kubernetes-security-posture-management.md) (KSPM) integrations.
+
+:::{image} /solutions/images/security-benchmark-rules.png
+:alt: Benchmarks page
+:screenshot:
+:::
+
+
+## What are benchmark rules? [_what_are_benchmark_rules]
+
+Benchmark rules are used by the CSPM and KSPM integrations to identify configuration risks in your cloud infrastructure. Benchmark rules are based on the Center for Internet Security’s (CIS) [secure configuration benchmarks](https://www.cisecurity.org/cis-benchmarks/).
+
+Each benchmark rule checks to see if a specific type of resource is configured according to a CIS Benchmark. The names of rules describe what they check, for example:
+
+* `Ensure Kubernetes Secrets are encrypted using Customer Master Keys (CMKs) managed in AWS KMS`
+* `Ensure the default namespace is not in use`
+* `Ensure IAM policies that allow full "*:*" administrative privileges are not attached`
+* `Ensure the default namespace is not in use`
+
+When benchmark rules are evaluated, the resulting [findings](/solutions/security/cloud/findings-page-2.md) data appears on the [Cloud Security Posture dashboard](/solutions/security/dashboards/cloud-security-posture-dashboard.md).
+
+::::{note}
+Benchmark rules are not editable.
+::::
+
+
+
+## Review your benchmarks [_review_your_benchmarks]
+
+Find **Benchmarks** in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md). From there, you can click a benchmark’s name to view the benchmark rules associated with it. You can click a benchmark rule’s name to see details including information about how to remediate it, and related links.
+
+Benchmark rules are enabled by default, but you can disable some of them — at the benchmark level — to suit your environment. This means for example that if you have two integrations using the `CIS AWS` benchmark, disabling a rule for that benchmark affects both integrations. To enable or disable a rule, use the **Enabled** toggle on the right of the rules table.
+
+::::{note}
+Disabling a benchmark rule automatically disables any associated detection rules and alerts. Re-enabling a benchmark rule **does not** automatically re-enable them.
+::::
+
+
+
+## How benchmark rules work [_how_benchmark_rules_work]
+
+1. When a security posture management integration is deployed, and every four hours after that, {{agent}} fetches relevant cloud resources.
+2. After resources are fetched, they are evaluated against all applicable enabled benchmark rules.
+3. Finding values of `pass` or `fail` indicate whether the standards defined by benchmark rules were met.
@@ -0,0 +1,40 @@
+The Cloud Native Vulnerability Management (CNVM) dashboard gives you an overview of vulnerabilities detected in your cloud infrastructure.
+
+:::{image} /solutions/images/security-vuln-management-dashboard.png
+:alt: The CNVM dashboard
+:::
+
+::::{admonition} Requirements
+* To collect this data, install the [Cloud Native Vulnerability Management](/solutions/security/cloud/get-started-with-cnvm.md) integration.
+* The CNVM dashboard is available to all Elastic Cloud users. For on-premises deployments, it requires an [Enterprise subscription](https://www.elastic.co/pricing).
+
+::::
+
+
+::::{warning}
+This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
+::::
+
+
+
+## CNVM dashboard UI [CNVM-dashboard-UI-dash]
+
+The summary cards at the top of the dashboard display the number of monitored cloud accounts, scanned virtual machines (VMs), and vulnerabilities (grouped by severity).
+
+The **Trend by severity** bar graph complements the summary cards by displaying the number of vulnerabilities found on your infrastructure over time, sorted by severity. It has a maximum time scale of 30 days.
+
+::::{admonition} Graph tips
+* Click the severity levels legend on its right to hide/show each severity level.
+* To display data from specific cloud accounts, select the account names from the **Accounts** drop-down menu.
+
+::::
+
+
+The page also includes three tables:
+
+* **Top 10 vulnerable resources** shows your VMs with the highest number of vulnerabilities.
+* **Top 10 patchable vulnerabilities** shows the most common vulnerabilities in your environment that can be fixed by a software update.
+* **Top 10 vulnerabilities** shows the most common vulnerabilities in your environment, with additional details.
+
+Click **View all vulnerabilities** at the bottom of a table to open the [Vulnerabilities Findings](/solutions/security/cloud/findings-page-3.md) page, where you can view additional details.
+
@@ -0,0 +1,51 @@
+
+The Cloud Security Posture dashboard summarizes your cloud infrastructure’s overall performance against [security guidelines](/solutions/security/cloud/benchmarks.md) defined by the Center for Internet Security (CIS). To start collecting this data, refer to [Get started with Cloud Security Posture Management](/solutions/security/cloud/get-started-with-cspm-for-aws.md) or [Get started with Kubernetes Security Posture Management](/solutions/security/cloud/get-started-with-kspm.md).
+
+:::{image} /solutions/images/security-cloud-sec-dashboard.png
+:alt: The cloud Security dashboard
+:screenshot:
+:::
+
+The Cloud Security Posture dashboard shows:
+
+* Configuration risk metrics for all monitored cloud accounts and Kubernetes clusters
+* Configuration risk metrics grouped by the applicable benchmark, for example, CIS GCP, CIS Azure, CIS Kubernetes, or CIS EKS
+* Configuration risks grouped by CIS section (security guideline category)
+
+::::{admonition} Requirements
+* The Cloud Security Posture dashboard is available to all Elastic Cloud users. For on-prem deployments, it requires an [Enterprise subscription](https://www.elastic.co/pricing).
+
+::::
+
+
+
+## Cloud Security Posture dashboard UI [cloud-posture-dashboard-UI]
+
+At the top of the dashboard, you can switch between the cloud accounts and Kubernetes cluster views.
+
+The top section of either view summarizes your overall cloud security posture (CSP) by aggregating data from all monitored resources. The summary cards on the left show the number of cloud accounts or clusters evaluated, and the number of resources evaluated. You can click **Enroll more accounts** or **Enroll more clusters** to deploy to additional cloud assets. Click **View all resources** to open the [Findings page](/solutions/security/cloud/findings-page-2.md).
+
+The remaining summary cards show your overall compliance score, and your compliance score for each CIS section. Click **View all failed findings** to view all failed findings, or click a CIS section name to view failed findings from only that section on the Findings page.
+
+Below the summary section, each row shows the CSP for a benchmark that applies to your monitored cloud resources. For example, if you are monitoring GCP and Azure cloud accounts, a row appears for CIS GCP and another appears for CIS Azure. Each row shows the CIS benchmark, the number of cloud accounts it applies to, its overall compliance score, and its compliance score grouped by CIS section.
+
+:::{image} /solutions/images/security-cloud-sec-dashboard-individual-row.png
+:alt: A row representing a single cluster in the Cloud Security Posture dashboard
+:screenshot:
+:::
+
+
+## FAQ (Frequently Asked Questions) [cloud-posture-dashboard-faq]
+
+::::{dropdown} When do newly-enrolled clusters appear on the dashboard?
+It can take up to 10 minutes for deployment, resource fetching, evaluation, and data processing before a newly-enrolled cluster appears on the dashboard.
+
+::::
+
+
+::::{dropdown} When do unenrolled clusters disappear from the dashboard?
+A cluster will disappear as soon as the KSPM integration fetches data while that cluster is not enrolled. The fetch process repeats every four hours, which means a newly unenrolled cluster can take a maximum of four hours to disappear from the dashboard.
+
+::::
+
+
@@ -0,0 +1,65 @@
+
+## CSPM FAQ [_cspm_faq]
+
+Frequently asked questions about the Cloud Security Posture Management (CSPM) integration and features.
+
+**How often is my cloud security posture evaluated?**
+
+Cloud accounts are evaluated when you first deploy the CSPM integration and every 24 hours afterward.
+
+**Can I onboard multiple accounts at one time?**
+
+Yes. Follow the onboarding instructions in the getting started guides for AWS, GCP, or Azure.
+
+**When do newly enrolled cloud accounts appear on the dashboard?**
+
+After you deploy the CSPM integration, it can take up to 10 minutes for resource fetching, evaluation, and data processing before a newly enrolled account appears on the Cloud Security Posture dashboard.
+
+**When do unenrolled cloud accounts disappear from the dashboard?**
+
+Newly unenrolled cloud accounts can take a maximum of 24 hours to disappear from the Cloud Security Posture dashboard.
+
+
+## KSPM FAQ [_kspm_faq]
+
+Frequently asked questions about the Kubernetes Security Posture Management (KSPM) integration and features.
+
+**What versions of Kubernetes are supported?**
+
+For self-managed/vanilla and EKS clusters, Kubernetes version 1.23 is supported.
+
+**Do benchmark rules support multiple Kubernetes deployment types?** Yes. There are different sets of benchmark rules for self-managed and third party-managed deployments. Refer to [Get started with KSPM](/solutions/security/cloud/get-started-with-kspm.md) for more information about setting up each deployment type.
+
+**Can I evaluate the security posture of my Amazon EKS clusters?** Yes. KSPM currently supports the security posture evaluation of Amazon EKS and unmanaged Kubernetes clusters.
+
+**How often is my cluster’s security posture evaluated?** Clusters are evaluated when you deploy a KSPM integration, and every four hours after that.
+
+**When do newly-enrolled clusters appear on the dashboard?** It can take up to 10 minutes for deployment, resource fetching, evaluation, and data processing to complete before a newly-enrolled cluster appears on the dashboard.
+
+**When do unenrolled clusters disappear from the dashboard?** A cluster will disappear as soon as the KSPM integration fetches data while that cluster is not enrolled. The fetch process repeats every four hours, which means a newly unenrolled cluster can take a maximum of four hours to disappear from the dashboard.
+
+
+## Findings page [_findings_page]
+
+**Are all the findings page current?** Yes. Only the most recent findings appear on the Findings page.
+
+**Can I build custom visualizations and dashboards that incorporate findings data?** Yes. You can use {{kib}}'s custom visualization capabilities with findings data. To learn more, refer to [Dashboards and visualizations](/explore-analyze/dashboards.md).
+
+**Where is Findings data saved?** You can access findings data using the following index patterns:
+
+* **Current findings:** `logs-cloud_security_posture.findings_latest-*`
+* **Historical findings:** `logs-cloud_security_posture.findings-*`
+
+
+## Benchmark rules [_benchmark_rules]
+
+**How often are my resources evaluated against benchmark rules?** Resources are fetched and evaluated against benchmark rules when a security posture management integration is deployed. After that, the CSPM integration evaluates every 24 hours, and the KSPM integration evaluates every four hours.
+
+**Can I configure an integration’s fetch cycle?** No, the fetch cycle’s timing is not configurable.
+
+**Can I contribute to the CSP ruleset?** You can’t directly edit benchmark rules. The rules are defined [in this repository](https://github.com/elastic/csp-security-policies), where you can raise issues with certain rules. They are written in [Rego](https://www.openpolicyagent.org/docs/latest/policy-language/).
+
+**How can I tell which specific version of the CIS benchmarks is in use?** Refer to the `rule.benchmark.name` and `rule.benchmark.version` fields for documents in these datastreams:
+
+* `logs-cloud_security_posture.findings-default`
+* `logs-cloud_security_posture.findings_latest-default`
@@ -12,54 +12,6 @@ applies_to:
 
 # Benchmarks
 
-% What needs to be done: Lift-and-shift
-
-% Use migrated content from existing pages that map to this page:
-
-% - [x] ./raw-migrated-files/security-docs/security/cspm-benchmark-rules.md
-% - [ ] ./raw-migrated-files/docs-content/serverless/security-benchmark-rules.md
-
-The Benchmarks page lets you view the cloud security posture (CSP) benchmark rules for the [Cloud security posture management](/solutions/security/cloud/cloud-security-posture-management.md) (CSPM) and [Kubernetes security posture management](/solutions/security/cloud/kubernetes-security-posture-management.md) (KSPM) integrations.
-
-:::{image} /solutions/images/security-benchmark-rules.png
-:alt: Benchmarks page
-:screenshot:
+:::{include} _snippets/benchmarks.md
 :::
 
-
-## What are benchmark rules? [_what_are_benchmark_rules]
-
-Benchmark rules are used by the CSPM and KSPM integrations to identify configuration risks in your cloud infrastructure. Benchmark rules are based on the Center for Internet Security’s (CIS) [secure configuration benchmarks](https://www.cisecurity.org/cis-benchmarks/).
-
-Each benchmark rule checks to see if a specific type of resource is configured according to a CIS Benchmark. The names of rules describe what they check, for example:
-
-* `Ensure Kubernetes Secrets are encrypted using Customer Master Keys (CMKs) managed in AWS KMS`
-* `Ensure the default namespace is not in use`
-* `Ensure IAM policies that allow full "*:*" administrative privileges are not attached`
-* `Ensure the default namespace is not in use`
-
-When benchmark rules are evaluated, the resulting [findings](/solutions/security/cloud/findings-page-2.md) data appears on the [Cloud Security Posture dashboard](/solutions/security/dashboards/cloud-security-posture-dashboard.md).
-
-::::{note}
-Benchmark rules are not editable.
-::::
-
-
-
-## Review your benchmarks [_review_your_benchmarks]
-
-Find **Benchmarks** in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md). From there, you can click a benchmark’s name to view the benchmark rules associated with it. You can click a benchmark rule’s name to see details including information about how to remediate it, and related links.
-
-Benchmark rules are enabled by default, but you can disable some of them — at the benchmark level — to suit your environment. This means for example that if you have two integrations using the `CIS AWS` benchmark, disabling a rule for that benchmark affects both integrations. To enable or disable a rule, use the **Enabled** toggle on the right of the rules table.
-
-::::{note}
-Disabling a benchmark rule automatically disables any associated detection rules and alerts. Re-enabling a benchmark rule **does not** automatically re-enable them.
-::::
-
-
-
-## How benchmark rules work [_how_benchmark_rules_work]
-
-1. When a security posture management integration is deployed, and every four hours after that, {{agent}} fetches relevant cloud resources.
-2. After resources are fetched, they are evaluated against all applicable enabled benchmark rules.
-3. Finding values of `pass` or `fail` indicate whether the standards defined by benchmark rules were met.
@@ -0,0 +1,12 @@
+---
+applies_to:
+  stack: beta
+  serverless:
+    security: beta
+---
+
+# Cloud Native Vulnerability Management Dashboard
+
+:::{include} _snippets/cnvm-dashboard.md
+:::
+
@@ -0,0 +1,12 @@
+---
+applies_to:
+  stack: all
+  serverless:
+    security: all
+---
+
+# Cloud Security Posture dashboard
+
+
+:::{include} _snippets/cspm-dashboard.md
+:::
@@ -12,68 +12,6 @@ applies_to:
 
 # Frequently asked questions (FAQ)
 
+:::{include} _snippets/cspm-faq.md
+:::
 
-## CSPM FAQ [_cspm_faq]
-
-Frequently asked questions about the Cloud Security Posture Management (CSPM) integration and features.
-
-**How often is my cloud security posture evaluated?**
-
-Cloud accounts are evaluated when you first deploy the CSPM integration and every 24 hours afterward.
-
-**Can I onboard multiple accounts at one time?**
-
-Yes. Follow the onboarding instructions in the getting started guides for AWS, GCP, or Azure.
-
-**When do newly enrolled cloud accounts appear on the dashboard?**
-
-After you deploy the CSPM integration, it can take up to 10 minutes for resource fetching, evaluation, and data processing before a newly enrolled account appears on the Cloud Security Posture dashboard.
-
-**When do unenrolled cloud accounts disappear from the dashboard?**
-
-Newly unenrolled cloud accounts can take a maximum of 24 hours to disappear from the Cloud Security Posture dashboard.
-
-
-## KSPM FAQ [_kspm_faq]
-
-Frequently asked questions about the Kubernetes Security Posture Management (KSPM) integration and features.
-
-**What versions of Kubernetes are supported?**
-
-For self-managed/vanilla and EKS clusters, Kubernetes version 1.23 is supported.
-
-**Do benchmark rules support multiple Kubernetes deployment types?** Yes. There are different sets of benchmark rules for self-managed and third party-managed deployments. Refer to [Get started with KSPM](/solutions/security/cloud/get-started-with-kspm.md) for more information about setting up each deployment type.
-
-**Can I evaluate the security posture of my Amazon EKS clusters?** Yes. KSPM currently supports the security posture evaluation of Amazon EKS and unmanaged Kubernetes clusters.
-
-**How often is my cluster’s security posture evaluated?** Clusters are evaluated when you deploy a KSPM integration, and every four hours after that.
-
-**When do newly-enrolled clusters appear on the dashboard?** It can take up to 10 minutes for deployment, resource fetching, evaluation, and data processing to complete before a newly-enrolled cluster appears on the dashboard.
-
-**When do unenrolled clusters disappear from the dashboard?** A cluster will disappear as soon as the KSPM integration fetches data while that cluster is not enrolled. The fetch process repeats every four hours, which means a newly unenrolled cluster can take a maximum of four hours to disappear from the dashboard.
-
-
-## Findings page [_findings_page]
-
-**Are all the findings page current?** Yes. Only the most recent findings appear on the Findings page.
-
-**Can I build custom visualizations and dashboards that incorporate findings data?** Yes. You can use {{kib}}'s custom visualization capabilities with findings data. To learn more, refer to [Dashboards and visualizations](/explore-analyze/dashboards.md).
-
-**Where is Findings data saved?** You can access findings data using the following index patterns:
-
-* **Current findings:** `logs-cloud_security_posture.findings_latest-*`
-* **Historical findings:** `logs-cloud_security_posture.findings-*`
-
-
-## Benchmark rules [_benchmark_rules]
-
-**How often are my resources evaluated against benchmark rules?** Resources are fetched and evaluated against benchmark rules when a security posture management integration is deployed. After that, the CSPM integration evaluates every 24 hours, and the KSPM integration evaluates every four hours.
-
-**Can I configure an integration’s fetch cycle?** No, the fetch cycle’s timing is not configurable.
-
-**Can I contribute to the CSP ruleset?** You can’t directly edit benchmark rules. The rules are defined [in this repository](https://github.com/elastic/csp-security-policies), where you can raise issues with certain rules. They are written in [Rego](https://www.openpolicyagent.org/docs/latest/policy-language/).
-
-**How can I tell which specific version of the CIS benchmarks is in use?** Refer to the `rule.benchmark.name` and `rule.benchmark.version` fields for documents in these datastreams:
-
-* `logs-cloud_security_posture.findings-default`
-* `logs-cloud_security_posture.findings_latest-default`