C-0067 - Audit logs enabled

Audit logs enabled

Note: this control relevant for cloud managed Kubernetes cluster


MITRE, ArmoBest, NSA, AllControls



Description of the the issue

Audit logging is an important security feature in Kubernetes, it enables the operator to track requests to the cluster. It is important to use it so the operator has a record of events happened in Kubernetes

Related resources


What does this control test

Reading the cluster description from the managed cloud API (EKS, GKE), or the API server pod configuration for native K8s and checking if audit logging is enabled


Turn on audit logging for your cluster. Look at the vendor guidelines for more details


No example

Did this page help you?