Overview


The Infrastructure screen of the Aqua UI lists and provides information related to the Kubernetes assets in your environment: clusters (actively discovered by Aqua) and hosts. 


A host is a (virtual) machine that runs your workloads. It can be based on Kubernetes or a different orchestration platform. It may or may not have an Aqua Enforcer deployed and running on it. The Infrastructure screen contains these tabs:

  • Assets: lists the clusters and hosts in your environment
  • Scan Queue: view the queue for host scanning
  • Scan History: view previous host scanning results on a per-host basis


Clusters


When you click the name of a cluster in the Infrastructure screen, the Risk tab for the cluster is displayed. If kube-hunter has scanned the cluster, the results of the scan are shown in the Risk tab. A summary of all security issues found by kube-hunter appears at the bottom of the screen.


These tabs are available:

  • Information: displays various attributes and status of the cluster
  • Roles: appears only if Aqua has not been integrated with Apolicy. This tab displays information on Kubernetes roles, rules, and bindings.
  • Apolicy-related tabs: The Apolicy Roles and Apolicy Subjects tabs appear only if Aqua has been integrated with the third-party Apolicy application. Apolicy assesses Kubernetes roles and subjects (users and service accounts) on your clusters.


Hosts


Clicking the name of a host in the Infrastructure screen presents the complete results of the latest Host Assurance assessment. The information is organized into tabs:

  • Risk: shows host compliance status and a summary of security issues found in the most recent host scan
  • Information: shows details about the host and (if applicable) the Docker environment
  • Vulnerabilities: shows all the vulnerabilities found in the most recent host scan
  • Resources: shows all vulnerabilities found in resources (such as packages) in the most recent host scan
  • Malware: shows all instances of malware found in the most recent host scan
  • Compliance Results: as applicable, this tab shows the results of the following benchmark tests of the host: Docker CIS, Kubernetes CIS, Linux CIS, and one or more Custom Compliance Checks
  • Containers: lists all containers running on the host
  • Images: presents a list of all container images discovered on the host
  • Audit: shows all audit events that have been generated for this host, grouped according to severity


For more information


See Infrastructure.