CWPP Dashboard
The Xcitium CWPP Dashboard gives a comprehensive view of runtime protection through widgets such as Alerts Summary, Compliance Summary, Namespace, Workload alerts, and other alerts grouped by severity and operation. Together these widgets give the user a clear picture of the runtime protection in effect in the cluster. Select a cluster in the filter provided to see the dashboard summary for that cluster. You can also use the Namespace filter to see the alerts and summary for a particular namespace in the cluster.
- Click 'Security' > 'Cloud Security'
- Click 'Runtime Protection' > 'CWPP Dashboard'
Alerts Summary
The Alerts Summary widget shows the total number of alerts generated for the cluster/namespace, along with the total number of blocked alerts and the total number of audited alerts. Blocked alerts are the KubeArmor alerts generated by the system block policies applied in the cluster. Audited alerts are generated by the audit policies applied in the cluster/namespace.
Compliance Summary
The Compliance Summary shows the compliance benchmarks that are applied to the cluster/namespace by the KubeArmor hardening policies. It covers the MITRE, NIST, CIS and PCI-DSS benchmarks applied by those policies.
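As an added illustration (not part of the Xcitium documentation), the two KubeArmor policies below show the policy fields behind the Alerts Summary and Compliance Summary values: `action` determines whether a match produces a blocked or an audited alert, while `severity` and `tags` are the per-policy severity and benchmark labels. The policy names, namespace, labels, paths and tag values are constructed, and it is an assumption that the dashboard groups alerts by exactly these fields.

```yaml
# Constructed example: every name, label, path and tag value is illustrative.
# Policy 1 is a block policy. A matching process execution is denied and the
# resulting KubeArmor alert is reported with the Block action.
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: example-block-pkg-mgmt
  namespace: example-ns
spec:
  severity: 5                  # 1 (lowest) to 10 (highest)
  tags: ["NIST", "CIS"]        # benchmark labels carried into the alert
  message: "package manager execution denied"
  selector:
    matchLabels:
      app: example-web         # workloads the policy applies to
  process:
    matchPaths:
      - path: /usr/bin/apt
      - path: /usr/bin/apt-get
  action: Block
---
# Policy 2 is an audit policy. A matching file access is allowed, but an
# alert is still generated and reported with the Audit action.
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: example-audit-etc-access
  namespace: example-ns
spec:
  severity: 3
  tags: ["MITRE", "PCI-DSS"]
  message: "access under /etc/ recorded"
  selector:
    matchLabels:
      app: example-web
  file:
    matchDirectories:
      - dir: /etc/
        recursive: true        # include subdirectories
  action: Audit
```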
Compliance Alerts
This section shows the compliance alerts generated in the cluster/namespace in graphical form. It color-codes the different compliance benchmarks, such as MITRE, NIST and PCI-DSS.
Namespace Severity Summary
This widget summarizes the severity of the attacks that were attempted in the namespaces present in the cluster.
Top 10 Policies by Alerts Count
This section shows the top 10 policies for which alerts are generated in the cluster/namespace. For example, if different policies such as audit, process block and file integrity policies are applied in the cluster, this widget gives a graphical representation of the 10 policies that generate the most alerts.
Namespace Alerts
Here users can see the namespace-specific alerts that are generated in the selected cluster.
Workload Alerts
The Workload Alerts widget provides information about the alerts generated by the workloads running in the cluster/namespace.
Alert based Operations
This widget shows the operations, such as file access, process block or audit, for which alerts were generated. The alerts are presented graphically.
Alerts based on Severity
The Alerts based on Severity widget shows the severity of the attacks that were prevented by the runtime protection policies in the selected cluster/namespace.