Audit logging must be enabled on MKE.

An XCCDF Rule

Description

<VulnDiscussion>Enabling audit logging on MKE enhances security, supports compliance efforts, provides user accountability, and offers valuable insights for incident response and operational management. It is an essential component of maintaining a secure, compliant, and well-managed Kubernetes environment. Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-260914r966099_rule
Severity: Medium
References: CCI-000018 CCI-000135 CCI-000169 CCI-000172 CCI-001403 CCI-001404 CCI-001405 CCI-001464 CCI-002234
Updated: 19 days ago

Log in to the MKE web UI and navigate to admin >> Admin Settings >> Logs & Audit Logs.

In the "Configure Audit Log Level" section, select "Request"

In the "Configure Global Log Level" section, select "INFO" or "DEBUG". 
Note: The recommended setting is "INFO".
Click "Save".

Audit logging must be enabled on MKE.

Description

Remediation - Manual Procedure