C-0067 - Audit logs enabled

Prerequisites

Integrate with cloud provider (see here)

Framework

ClusterScan, MITRE, cis-eks-t1.2.0, ArmoBest, SOC2, NSA, AllControls

Severity

Medium

Description of the the issue

Audit logging is an important security feature in Kubernetes, it enables the operator to track requests to the cluster. It is important to use it so the operator has a record of events happened in Kubernetes

Related resources

Pod

What does this control test

Reading the cluster description from the managed cloud API (EKS, GKE), or the API server pod configuration for native K8s and checking if audit logging is enabled

Remediation

Turn on audit logging for your cluster. Look at the vendor guidelines for more details

Example

No example