https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/kubernetes-cis-scans-for-eks-and-oke/m-p/1217788#M1415 <P>Was this feature ever added to Palo Alto Prisma Cloud?&nbsp; Does Prisma Cloud support scanning of EKS, AKS, GKE using vendor specific CIS Benchmarks?</P> Thu, 30 Jan 2025 12:19:01 GMT jdmacallister 2025-01-30T12:19:01Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/kubernetes-cis-scans-for-eks-and-oke/m-p/538493#M921 <P>We have Kubernetes deployments in AWS (EKS) and OCI (OKE). The Prisma Cloud compliance scans being run against these clusters are using the generic CIS Kubernetes 1.2 benchmark rather than using the CIS benchmarks that have been customized for EKS and OKE.</P> <P>&nbsp;</P> <P>The use of the generic benchmark scan results in a number of findings that our DevOPS team have determined to be false positives, and other anomalies such as wrong file path because of differences in how these cloud providers implement Kubernetes.</P> <P>&nbsp;</P> <P>I am looking for a way to force Prisma Cloud to scan OKE clusters against the OKE benchmark, and EKS clusters against the EKS benchmark to get more accurate scan results.</P> Wed, 12 Apr 2023 17:16:31 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/kubernetes-cis-scans-for-eks-and-oke/m-p/538493#M921 jmadigan1 2023-04-12T17:16:31Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/kubernetes-cis-scans-for-eks-and-oke/m-p/538526#M922 <P>Hi,</P> <P>&nbsp;</P> <P>Thank you for reaching to Palo Alto Networks Support. My name is Umer, and I am part of Prisma Cloud Compute Support team.</P> <P>&nbsp;</P> <P>We currently has a feature request to add kubernetes specific CIS benchmark, and the request is under future consideration:</P> <P><A href="https://prismacloud.ideas.aha.io/ideas/TP-I-965" target="_blank">https://prismacloud.ideas.aha.io/ideas/TP-I-965</A></P> <P>&nbsp;</P> <P>Future consideration flag suggest that product team has reviewed the request, and it will be implemented it in one of our future releases.&nbsp;</P> <P>&nbsp;</P> <P>Please feel free to upvote on that request.</P> <P>&nbsp;</P> <P>Regards,</P> <P>&nbsp;</P> Wed, 12 Apr 2023 21:06:04 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/kubernetes-cis-scans-for-eks-and-oke/m-p/538526#M922 USheikh 2023-04-12T21:06:04Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/kubernetes-cis-scans-for-eks-and-oke/m-p/1217788#M1415 <P>Was this feature ever added to Palo Alto Prisma Cloud?&nbsp; Does Prisma Cloud support scanning of EKS, AKS, GKE using vendor specific CIS Benchmarks?</P> Thu, 30 Jan 2025 12:19:01 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/kubernetes-cis-scans-for-eks-and-oke/m-p/1217788#M1415 jdmacallister 2025-01-30T12:19:01Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/kubernetes-cis-scans-for-eks-and-oke/m-p/1224788#M1451 <P>Based on the link provided to the original enhancement request, this was released in last year in July. This includes the benchmarks below:</P> <P>&nbsp;</P> <UL> <LI data-slate-object="block" data-key="16"><SPAN data-slate-object="text" data-key="17">CIS Kubernetes 1.6.0 CIS </SPAN><SPAN data-slate-object="text" data-key="18">Oracle Cloud Infrastructure </SPAN></LI> <LI data-slate-object="block" data-key="16"><SPAN data-slate-object="text" data-key="18">Container Engine for Kubernetes(OKE) 1.0 </SPAN></LI> <LI data-slate-object="block" data-key="16"><SPAN data-slate-object="text" data-key="18">CIS Google Kubernetes Engine (GKE) 1.0 </SPAN></LI> <LI data-slate-object="block" data-key="16"><SPAN data-slate-object="text" data-key="18">CIS Amazon Elastic Kubernetes Service (EKS) 1.0 CIS Docker 1.2.0</SPAN></LI> </UL> <P class="" data-slate-object="block" data-key="19">&nbsp;</P> <P class="" data-slate-object="block" data-key="19">This excludes OpenShift, and cloud-specific flavors like ROSA (<STRONG>R</STRONG>edHat <STRONG>O</STRONG>pen<STRONG>S</STRONG>hift in <STRONG>A</STRONG>WS)</P> <P class="" data-slate-object="block" data-key="19">&nbsp;</P> <P class="" data-slate-object="block" data-key="19">We have increased the coverage for OpenShift compliance checks since 3.x. Check with your assigned Customer Success Engineer with the latest details on that</P> <P class="" data-slate-object="block" data-key="19">&nbsp;</P> <P class="" data-slate-object="block" data-key="19">Thank you</P> Wed, 26 Mar 2025 12:52:12 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/kubernetes-cis-scans-for-eks-and-oke/m-p/1224788#M1451 JJean-Claude 2025-03-26T12:52:12Z