Before any security scanning for behavioral assessment can occur, Zetafence(TM) engines must discover the entities specific to the underlying assessment environment, such as an AWS account, a GCP project, or a Kubernetes cluster.

Discoverable entities include identity and access resources (users, roles, policies, permissions, access keys), monitoring logs and events, API events, object storage buckets such as S3, and infrastructure compute resources together with their IPs, ports, security groups, etc.

The figure below shows the set of discoverable objects (left) fed to the Zetafence engine, which produces enriched and highly correlated data.

In Kubernetes clusters, Zetafence polls the API server for the following objects together with their annotations and labels:

Services, Deployments, Pods, ClusterRoles, ServiceAccounts, Secrets, Events, etc.

As each entity is discovered, Zetafence enriches it with its source, labels, tags, attributes, creation and modification times, and associated users. Dependency edges are also built between entities, such as service to deployment and deployment to pods.

Discovery Agents also poll and build these dependency graphs, pushing them to the API server periodically, so the evolution of the environment's complexity can be assessed over time. Such dependency graphs, together with highly enriched entities and labeled edges, enable the Security Services to identify new relationships or anomalies in the system.
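As an added illustration (not Zetafence code), the following Python builds the service-to-deployment and deployment-to-pod edges described above from Kubernetes objects, plus pod-to-ServiceAccount and pod-to-Secret edges. The objects are constructed inline in the shape of API server JSON (names, UIDs and timestamps are made up): ownership is followed through `ownerReferences` (Pod to ReplicaSet to Deployment), Service-to-Deployment edges come from matching the Service selector against the Deployment's `matchLabels`, and a final helper lists Secrets with no inbound edge, the kind of dangling relationship a dependency graph makes visible.

```python
"""Build an enriched Kubernetes dependency graph from API objects.

Added example, not Zetafence code. It runs on constructed objects shaped like
API-server JSON so it works offline; against a real cluster the same functions
would consume the list endpoints' output (or `kubectl get -o json`).
"""
from collections import defaultdict

# Constructed sample objects: names, UIDs and timestamps are made up.
OBJECTS = [
    {"kind": "Service", "metadata": {"name": "web", "namespace": "shop", "uid": "svc-1",
        "labels": {"tier": "frontend"}, "annotations": {"owner": "team-shop"},
        "creationTimestamp": "2024-01-10T08:00:00Z"},
     "spec": {"selector": {"app": "web"}}},
    {"kind": "Deployment", "metadata": {"name": "web", "namespace": "shop", "uid": "dep-1",
        "labels": {"app": "web"}, "creationTimestamp": "2024-01-10T08:01:00Z"},
     "spec": {"selector": {"matchLabels": {"app": "web"}}}},
    {"kind": "ReplicaSet", "metadata": {"name": "web-7d9f", "namespace": "shop", "uid": "rs-1",
        "labels": {"app": "web"}, "ownerReferences": [{"kind": "Deployment", "uid": "dep-1"}]}},
    {"kind": "Pod", "metadata": {"name": "web-7d9f-x1", "namespace": "shop", "uid": "pod-1",
        "labels": {"app": "web"}, "ownerReferences": [{"kind": "ReplicaSet", "uid": "rs-1"}]},
     "spec": {"serviceAccountName": "web-sa",
              "volumes": [{"name": "tls", "secret": {"secretName": "web-tls"}}],
              "containers": [{"name": "web", "env": [{"name": "DB_PASS", "valueFrom": {
                  "secretKeyRef": {"name": "db-creds", "key": "password"}}}]}]}},
    {"kind": "ServiceAccount", "metadata": {"name": "web-sa", "namespace": "shop", "uid": "sa-1"}},
    {"kind": "Secret", "metadata": {"name": "web-tls", "namespace": "shop", "uid": "sec-1"}},
    {"kind": "Secret", "metadata": {"name": "db-creds", "namespace": "shop", "uid": "sec-2"}},
    # A Secret nothing mounts or reads: a dangling node the graph makes visible.
    {"kind": "Secret", "metadata": {"name": "old-api-key", "namespace": "shop", "uid": "sec-3"}},
]


def node_id(obj):
    m = obj["metadata"]
    return f'{obj["kind"]}/{m.get("namespace", "")}/{m["name"]}'


def enrich(obj):
    """Flatten the attributes the text lists: source, labels, annotations, created time."""
    m = obj["metadata"]
    return {"id": node_id(obj), "kind": obj["kind"], "source": "kubernetes",
            "labels": m.get("labels", {}), "annotations": m.get("annotations", {}),
            "created": m.get("creationTimestamp")}


def build_graph(objects):
    """Return (nodes, edges); edges are (src_id, relation, dst_id) triples."""
    nodes = {node_id(o): enrich(o) for o in objects}
    by_uid = {o["metadata"]["uid"]: o for o in objects if "uid" in o["metadata"]}
    edges = set()
    for o in objects:
        ns, spec = o["metadata"].get("namespace", ""), o.get("spec", {})
        if o["kind"] == "Service":
            sel = spec.get("selector", {})
            # Service -> Deployment: the Deployment's matchLabels must cover the selector.
            for d in objects:
                if d["kind"] == "Deployment" and d["metadata"].get("namespace") == ns:
                    ml = d.get("spec", {}).get("selector", {}).get("matchLabels", {})
                    if sel and sel.items() <= ml.items():
                        edges.add((node_id(o), "selects", node_id(d)))
        elif o["kind"] == "Pod":
            # Deployment -> Pod: walk ownerReferences Pod -> ReplicaSet -> Deployment.
            owner = o
            for _ in range(3):  # bounded walk; at most two hops are expected
                refs = owner["metadata"].get("ownerReferences", [])
                owner = by_uid.get(refs[0]["uid"]) if refs else None
                if owner is None or owner["kind"] == "Deployment":
                    break
            if owner is not None and owner["kind"] == "Deployment":
                edges.add((node_id(owner), "manages", node_id(o)))
            if "serviceAccountName" in spec:
                edges.add((node_id(o), "runs-as", f"ServiceAccount/{ns}/{spec['serviceAccountName']}"))
            for v in spec.get("volumes", []):
                if "secret" in v:
                    edges.add((node_id(o), "mounts", f"Secret/{ns}/{v['secret']['secretName']}"))
            for c in spec.get("containers", []):
                for e in c.get("env", []):
                    ref = e.get("valueFrom", {}).get("secretKeyRef")
                    if ref:
                        edges.add((node_id(o), "reads", f"Secret/{ns}/{ref['name']}"))
    return nodes, edges


def unreferenced(nodes, edges, kind):
    """Nodes of `kind` with no inbound edge, e.g. a Secret no Pod mounts or reads."""
    targets = {dst for _, _, dst in edges}
    return sorted(n for n, meta in nodes.items() if meta["kind"] == kind and n not in targets)


def paths_from_service(edges, service_id):
    """Service -> Deployment -> Pod chains, following the edges build_graph created."""
    out = defaultdict(list)
    for src, _rel, dst in edges:
        out[src].append(dst)
    return sorted((service_id, d, p) for d in out.get(service_id, []) for p in out.get(d, []))


if __name__ == "__main__":
    nodes, edges = build_graph(OBJECTS)
    for edge in sorted(edges):
        print(" -> ".join(edge))
    print("unreferenced secrets:", unreferenced(nodes, edges, "Secret"))
```

Edges are kept as labeled triples so that the relation type ("selects", "manages", "mounts", "reads", "runs-as") is available to whatever consumes the graph; re-running `build_graph` on each poll and diffing the edge sets is the simplest way to see the new relationships the text refers to.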

Please note that the list of discoverable resources is constantly growing, and coverage of the existing ones is continuously being enhanced.