Scenario #268
Security
Kubernetes v1.24, Azure AKS

Lack of Audit Logging

Because audit logging had never been enabled, the team could neither detect the incident as it happened nor reconstruct it afterwards.

What Happened

A security incident occurred, but with no audit logs there was no record of which API requests had been made, by which identities, from which source addresses, or when. Tracing the actions leading up to the incident and attributing them to a user or service account was therefore largely guesswork.

Diagnosis Steps
1. Attempted to review audit logs for the incident timeframe.
2. Discovered that audit logging was not enabled.
3. Assessed the impact of missing audit data on the investigation.
Root Cause

Audit logging had not been enabled for the cluster, so no record of API-server requests (who, what, when, from where, and whether the request was allowed) existed for the incident window.

Fix/Workaround
• Enabled audit logging. On AKS the control plane is managed, so this is not a kube-apiserver flag: it is done by adding a diagnostic setting on the cluster resource (for example with `az monitor diagnostic-settings create`) that sends the kube-audit category (every API request) or the much smaller kube-audit-admin category (everything except get and list) to a Log Analytics workspace, storage account or Event Hub.
• Configured log retention on the workspace and alerting on high-risk events such as pod exec, secret reads and RBAC changes.
• Integrated the audit logs with the centralized logging/SIEM platform so they can be correlated with other telemetry during an investigation.
Lessons Learned

API-server audit logs are the primary record of who did what in a cluster; without them, detection is blind and incident response cannot attribute actions. They must be enabled before an incident, because they cannot be recovered after the fact.

How to Avoid
1. Enable audit logging in every cluster before it carries production workloads (on AKS: the kube-audit or kube-audit-admin diagnostic categories) and verify that events actually arrive at the log destination.
2. Regularly review and analyze audit logs for anomalies, and alert automatically on high-risk events rather than relying only on manual review.
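The following is an added example, not code from the original scenario: a small analyzer that reads API-server audit events in the `audit.k8s.io/v1` Event format (what the API server writes to its audit log and what AKS forwards in the kube-audit and kube-audit-admin categories) and flags the kinds of activity the Fix/Workaround and step 2 above say should be reviewed: pod exec/attach, secret reads by non-system identities, RBAC changes, anonymous requests, and bursts of 403 responses. The sample log is constructed, the rule names and the `FORBIDDEN_THRESHOLD` value are assumptions, and the `system:` username prefix is used as a heuristic for built-in components.

```python
"""Triage Kubernetes API-server audit events for security-relevant activity.

Input: newline-delimited JSON, one audit.k8s.io/v1 Event per line.
"""
import json
from collections import Counter
from dataclasses import dataclass

FORBIDDEN_THRESHOLD = 3  # assumed tuning value for the 403-burst rule


@dataclass(frozen=True)
class Finding:
    rule: str
    user: str
    detail: str
    audit_id: str


def _event(audit_id, username, verb, resource, code, namespace="", name="",
           subresource="", api_group="", stage="ResponseComplete", groups=None):
    """Build one constructed audit.k8s.io/v1 Event with the fields the rules read."""
    return {
        "kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
        "auditID": audit_id, "stage": stage, "verb": verb,
        "user": {"username": username, "groups": groups or ["system:authenticated"]},
        "sourceIPs": ["203.0.113.10"],
        "objectRef": {"resource": resource, "namespace": namespace, "name": name,
                      "subresource": subresource, "apiGroup": api_group},
        "responseStatus": {"code": code},
        "requestReceivedTimestamp": "2023-03-01T10:00:00.000000Z",
    }


# Constructed sample log (not data from any real cluster). Event a2 appears at both
# the RequestReceived and ResponseComplete stages, as it would in a real audit log.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    _event("a1", "system:serviceaccount:kube-system:coredns", "get", "configmaps", 200, "kube-system", "coredns"),
    _event("a2", "alice@example.com", "create", "pods", 101, "prod", "api-7d9f", subresource="exec", stage="RequestReceived"),
    _event("a2", "alice@example.com", "create", "pods", 101, "prod", "api-7d9f", subresource="exec"),
    _event("a3", "alice@example.com", "get", "secrets", 200, "prod", "db-creds"),
    _event("a4", "system:serviceaccount:cert-manager:cert-manager", "list", "secrets", 200),
    _event("a5", "bob@example.com", "create", "clusterrolebindings", 201, name="bob-admin", api_group="rbac.authorization.k8s.io"),
    _event("a6", "system:anonymous", "get", "secrets", 403, "kube-system", groups=["system:unauthenticated"]),
    _event("a7", "mallory@example.com", "get", "secrets", 403, "prod"),
    _event("a8", "mallory@example.com", "get", "secrets", 403, "staging"),
    _event("a9", "mallory@example.com", "get", "secrets", 403, "kube-system"),
])


def parse_audit_log(text):
    """Parse newline-delimited JSON audit events; blank and malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def analyze(events, forbidden_threshold=FORBIDDEN_THRESHOLD):
    """Apply the detection rules and return findings in event order (403 bursts last)."""
    findings = []
    forbidden = Counter()
    for ev in events:
        if ev.get("stage") != "ResponseComplete":
            continue  # RequestReceived/ResponseStarted copies would double-count
        user = (ev.get("user") or {}).get("username", "<unknown>")
        verb = ev.get("verb", "")
        obj = ev.get("objectRef") or {}
        code = (ev.get("responseStatus") or {}).get("code", 0)
        audit_id = ev.get("auditID", "")
        target = f"{obj.get('resource', '')}/{obj.get('name', '')}"
        if obj.get("namespace"):
            target += f" in {obj['namespace']}"

        if user == "system:anonymous":
            findings.append(Finding("anonymous_request", user, f"{verb} {target} -> {code}", audit_id))
        if obj.get("resource") == "pods" and obj.get("subresource") in {"exec", "attach", "portforward"}:
            findings.append(Finding("pod_exec", user, f"{obj['subresource']} on {target}", audit_id))
        if (obj.get("resource") == "secrets" and verb in {"get", "list", "watch"}
                and code < 300 and not user.startswith("system:")):  # heuristic: skip built-ins
            findings.append(Finding("secret_access", user, f"{verb} {target}", audit_id))
        if obj.get("apiGroup") == "rbac.authorization.k8s.io" and verb in {"create", "update", "patch", "delete"}:
            findings.append(Finding("rbac_change", user, f"{verb} {target}", audit_id))
        if code == 403:
            forbidden[user] += 1
    for user, n in forbidden.items():
        if n >= forbidden_threshold:
            findings.append(Finding("forbidden_burst", user, f"{n} forbidden responses", ""))
    return findings


def summarize(findings):
    """Count findings per rule, in first-seen order."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in analyze(parse_audit_log(SAMPLE_AUDIT_LOG)):
        print(f"{f.rule:<18} {f.user:<45} {f.detail}")
```

The same rules translate directly into scheduled queries against the log destination (on AKS, a Log Analytics query filtered on the kube-audit-admin category); the stage filter matters there too, since every request produces more than one event.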