C-0067 - Audit logs enabled
Prerequisites
Integrate with cloud provider (see here)
Framework
NSA, AllControls, cis-eks-t1.2.0, ArmoBest, ClusterScan, MITRE, SOC2
Severity
Medium
Description of the the issue
Audit logging is an important security feature in Kubernetes, it enables the operator to track requests to the cluster. It is important to use it so the operator has a record of events happened in Kubernetes
Related resources
Pod
What does this control test
Reading the cluster description from the managed cloud API (EKS, GKE), or the API server pod configuration for native K8s and checking if audit logging is enabled
Remediation
Turn on audit logging for your cluster. Look at the vendor guidelines for more details
Example
No example
Updated about 1 month ago