Versions Compared

Old Version 32

changes.mady.by.user Robert Heinemann

Saved on

compared with

New Version 33

changes.mady.by.user Robert Heinemann

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Proposed Logging Practice Requirements

IDDescriptionReference

CON-LOG-REQ-19

The container MUST be capable of automatically synchronizing the system clock daily with the Operator’s trusted time source, to assure accurate time reporting in log files. It is recommended that Coordinated Universal Time (UTC) be used where possible to eliminate ambiguity owing to daylight savings time.R-629534









Proposed Security Event Generation Requirements

IDDescriptionReference

CON-LOG-REQ-1 

The container and container application MUST log successful and unsuccessful authentication attempts, e.g., authentication associated with a transaction, authentication to create a session, authentication to assume elevated privilege.R-54520

CON-LOG-REQ-2 

The container and container application MUST log logoffs.R-55478

CON-LOG-REQ-3 

The container and container application MUST log starting and stopping of security logging.R-13344

CON-LOG-REQ-4 

The container and container application MUST log success and unsuccessful creation, removal, or change to the inherent privilege level of users.R-07617

CON-LOG-REQ-5 

The container and container application MUST log connections to the network listeners of the container. R-94525
CON-LOG-REQ-6The container and container application MUST log the addition and deletion of files in the container.
CON-LOG-REQ-MP05The container MUST log lifecycle events
CON-LOG-REQ-MP07Container administration services actvities and executed commands MUST be logged.  (e.g., Build requests, Runtime commands) (Availbel in docker Daemon Logs)T1609, T1612
CON-LOG-REQ-MP08The container MUST log API calls (such as: syscalls, those that deploy containers, Discovery API). (Availabe in docker daemon log).T1610, T1204, T1611, T1068, T1552, T1613, T1525
CON-LOG-REQ-MP09The container MUST log creation of scheduled jobs in containers. ( Available at the K8S level)T1053
CON-LOG-REQ-MP10Image registry events MUST be logged (e.g., additions)T1204
CON-LOG-REQ-MP06Log anonymous requests




Proposed Required Metadata for Security Events

...