Run Kubescape with host sensor (see here)
Security audit logs should cover access and modification of key resources in the cluster, to enable them to form an effective part of a security environment.
Ensure that the audit policy created for the cluster covers key security concerns.
Review the audit policy provided for the cluster and ensure that it covers at least the following areas:
- Access to Secrets managed by the cluster. Care should be taken to only log Metadata for requests to Secrets, ConfigMaps, and TokenReviews, in order to avoid the risk of logging sensitive data.
- Modification of
- Use of
For most requests, minimally logging at the Metadata level is recommended (the most basic level of logging).
Consider modification of the audit policy in use on the cluster to include these items, at a minimum.
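One way to review a policy for the Secrets, ConfigMaps and TokenReviews item above is sketched below. It is an added example, not Kubescape's own check. It assumes the policy has been loaded into a dict, models only the `resources` selector with first-matching-rule evaluation, and uses constructed `WEAK` and `CORRECTED` sample policies.

```python
# Simplified model of Kubernetes audit policy evaluation: the first matching rule
# sets the level. Only the "resources" selector is modelled (assumption); users,
# verbs and namespaces are ignored.
LEVELS = ["None", "Metadata", "Request", "RequestResponse"]
# Resources the control says should be logged at Metadata only: (apiGroup, resource).
SENSITIVE = [("", "secrets"), ("", "configmaps"),
             ("authentication.k8s.io", "tokenreviews")]

def rule_matches(rule, group, resource):
    selectors = rule.get("resources")
    if not selectors:                  # no selector: rule applies to every resource
        return True
    for sel in selectors:
        if sel.get("group", "") != group:
            continue
        names = sel.get("resources")
        if not names or resource in names or "*" in names:
            return True
    return False

def effective_level(policy, group, resource):
    for rule in policy["rules"]:
        if rule_matches(rule, group, resource):
            return rule["level"]
    return "None"                      # no rule matched: the request is not logged

def review(policy):
    findings = []
    for group, resource in SENSITIVE:
        level = effective_level(policy, group, resource)
        if level == "None":
            findings.append(f"{resource}: not audited")
        elif LEVELS.index(level) > LEVELS.index("Metadata"):
            findings.append(f"{resource}: logged at {level}")
    return findings

# Constructed sample policies (dict form of an audit.k8s.io/v1 Policy).
WEAK = {"rules": [  # broad rule first, so the Metadata rule below never applies
    {"level": "RequestResponse", "resources": [{"group": ""}]},
    {"level": "Metadata", "resources": [{"group": "", "resources": ["secrets", "configmaps"]}]},
]}
CORRECTED = {"rules": [  # sensitive resources pinned to Metadata before anything broader
    {"level": "Metadata", "resources": [
        {"group": "", "resources": ["secrets", "configmaps"]},
        {"group": "authentication.k8s.io", "resources": ["tokenreviews"]}]},
    {"level": "RequestResponse", "resources": [{"group": ""}]},
    {"level": "Metadata"},
]}
```

In `WEAK` the Metadata rule for Secrets is shadowed by the broader rule above it, so request and response bodies would still be logged; rule order matters as much as rule content.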
Increasing audit logging will consume resources on the nodes or on another log destination.
By default Kubernetes clusters do not log audit information.