...
| ID | Description | Reference |
|---|---|---|
CON-LOG-REQ-1 | The container and container application MUST log successful and unsuccessful authentication attempts, e.g., authentication associated with a transaction, authentication to create a session, authentication to assume elevated privilege. | R-54520 |
CON-LOG-REQ-2 | The container and container application MUST log logoffs. | R-55478 |
CON-LOG-REQ-3 | The container and container application MUST log starting and stopping of security logging. | R-13344 |
CON-LOG-REQ-4 | The container and container application MUST log success and unsuccessful creation, removal, or change to the inherent privilege level of users. | R-07617 |
CON-LOG-REQ-5 | The container and container application MUST log connections to the network listeners of the container. | R-94525 |
| CON-LOG-REQ-6 | The container and container application MUST log the addition and deletion of files in the container. | |
| CON-LOG-REQ-MP05 | The container MUST log lifecycle events | |
| CON-LOG-REQ-MP07 | Container administration services actvities and executed commands MUST be logged. (e.g., Build requests, Runtime commands) (Availbel in docker Daemon Logs) | T1609, T1612 |
| CON-LOG-REQ-MP08 | The container MUST log API calls (such as: syscalls, those that deploy containers, Discovery API). (Availabe in docker daemon log). | T1610, T1204, T1611, T1068, T1552, T1613, T1525 |
| CON-LOG-REQ-MP09 | The container MUST log creation of scheduled jobs in containers. ( Available at the K8S level) | T1053 |
| CON-LOG-REQ-MP10 | Image registry events MUST be logged (e.g., additions) | T1204 |
| CON-LOG-REQ-MP06 | Log anonymous requests | |
...