Creating a database for Kaspersky Container Security
To create a database for Kaspersky Container Security:
In ClickHouse on your workstation, run the following command:
CREATE DATABASE IF NOT EXISTS kcs
where kcs is the name of the database for Kaspersky Container Security.
To configure the settings of the created database for Kaspersky Container Security:
- Add users and define their authorization method. To do this, you must do the following:
- Add the following users:
- a user with rights to read data received by the Kaspersky Container Security core (reader).
<roles>
  <kcs_reader_role>
    <!-- Read-only access to all tables in the kcs database -->
    <grants>
      <query>GRANT SELECT ON kcs.*</query>
    </grants>
  </kcs_reader_role>
</roles>
- a user with rights to write data from external agent requests (writer).
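<roles>
  <kcs_writer_role>
    <grants>
      <!-- Create and modify tables and write data in the kcs database -->
      <query>GRANT CREATE TABLE, INSERT, ALTER, UPDATE ON kcs.*</query>
      <!-- Read access limited to the listed columns of kcs.node_agent_events -->
      <query>GRANT SELECT (source_ip, source_port, source_alias, dest_ip, dest_port, dest_alias, protocol, severity, action, event_time, count, type) ON kcs.node_agent_events</query>
    </grants>
  </kcs_writer_role>
</roles>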
- Specify the user authorization method: with a password or with a certificate.
- Specify disks for short-term and long-term data storage. When working with ClickHouse, Kaspersky Container Security can store large amounts of data with various retention periods. By default, most events are stored for a maximum of 30 minutes, whereas information about incidents is stored for up to 90 days. Since event recording requires considerable resources to ensure high recording speed and disk space provision, it is recommended to use different disks for short-term and long-term data storage.
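A least-privilege check for the reader and writer role definitions above, as an added example that is not part of the original page or of the product's own tooling: it parses a `<roles>` section and reports any grant broader than the ones listed here. `DRIFTED_ROLES` is a constructed sample, and the `audit` function and its `ALLOWED` list are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Role definitions as listed on this page (the <roles> section).
PAGE_ROLES = """<roles>
  <kcs_reader_role><grants><query>GRANT SELECT ON kcs.*</query></grants></kcs_reader_role>
  <kcs_writer_role><grants>
    <query>GRANT CREATE TABLE, INSERT, ALTER, UPDATE ON kcs.*</query>
    <query>GRANT SELECT (source_ip, source_port, source_alias, dest_ip, dest_port, dest_alias, protocol, severity, action, event_time, count, type) ON kcs.node_agent_events</query>
  </grants></kcs_writer_role>
</roles>"""

# Constructed sample of a configuration that has drifted (not from the page).
DRIFTED_ROLES = """<roles><kcs_writer_role><grants>
    <query>GRANT SELECT ON kcs.*</query>
    <query>GRANT INSERT, DROP TABLE ON *.*</query>
</grants></kcs_writer_role></roles>"""

# Privileges each role holds on this page; anything else is reported.
ALLOWED = {"kcs_reader_role": {"SELECT"},
           "kcs_writer_role": {"CREATE TABLE", "INSERT", "ALTER", "UPDATE", "SELECT"}}
GRANT_RE = re.compile(r"^GRANT\s+(.+?)\s+ON\s+(\S+)(\s+WITH\s+GRANT\s+OPTION)?$", re.I)
PRIV_RE = re.compile(r"\s*([A-Za-z ]+?)\s*(?:\(([^)]*)\))?\s*(?:,|$)")

def audit(roles_xml):
    """Return (role, message) findings for grants broader than the page's."""
    findings = []
    for role in ET.fromstring(roles_xml):
        allowed = ALLOWED.get(role.tag, set())
        for q in role.iter("query"):
            m = GRANT_RE.match(" ".join((q.text or "").split()))
            if not m:
                findings.append((role.tag, f"unparsed grant: {q.text!r}"))
                continue
            privs, target, grant_opt = m.groups()
            if not target.startswith("kcs."):
                findings.append((role.tag, f"target {target} is outside database kcs"))
            if grant_opt:
                findings.append((role.tag, "WITH GRANT OPTION lets the role re-grant"))
            for name, cols in PRIV_RE.findall(privs):
                if name.upper() not in allowed:
                    findings.append((role.tag, f"unexpected privilege {name.upper()}"))
                elif role.tag == "kcs_writer_role" and name.upper() == "SELECT" and not cols.strip():
                    findings.append((role.tag, "writer SELECT has no column list"))
    return findings

if __name__ == "__main__":
    for role, msg in audit(DRIFTED_ROLES):
        print(f"{role}: {msg}")
```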