C-0067 - Audit logs enabled

Audit logs enabled

Note: this control relevant for cloud managed Kubernetes cluster

Framework

AllControls, NSA, MITRE, ArmoBest

Severity

Low

Description of the the issue

Audit logging is an important security feature in Kubernetes, it enables the operator to track requests to the cluster. It is important to use it so the operator has a record of events happened in Kubernetes

Related resources

Pod

What does this control test

Reading the cluster description from the managed cloud API (EKS, GKE), or the API server pod configuration for native K8s and checking if audit logging is enabled

Remediation

Turn on audit logging for your cluster. Look at the vendor guidelines for more details

Example

No example


Did this page help you?