Chapter 12: Auditing using Falco and EFK

Bad people do bad things.

Good people do bad things.

Accidents happen.

Each of the preceding statements has one thing in common: when any one of them occurs, you need to find out what happened.

Too often, auditing is considered only when we think of some form of attack. While we certainly require auditing to find "bad people", we also need to audit everyday standard system interactions.

Kubernetes includes logs for most of the important system events that you will need to audit, but it doesn't include everything. As we discussed in previous chapters, all API interactions will be logged by the system, which includes the majority of events you need to audit. However, there are tasks that users execute ...