| ID | Type | Description | Reference |
|---|---|---|---|
CON-LOG-REQ-1 | REQUIRED | The container and container application MUST log successful and unsuccessful authentication attempts, e.g., authentication associated with a transaction, authentication to create a session, authentication to assume elevated privilege. | R-54520 |
CON-LOG-REQ-2 | The container and container application MUST log logoffs. | R-55478 | |
CON-LOG-REQ-3 | The container and container application MUST log starting and stopping of security logging. | R-13344 | |
CON-LOG-REQ-4 | The container and container application MUST log success and unsuccessful creation, removal, or change to the inherent privilege level of users. | R-07617 | |
CON-LOG-REQ-5 | The container and container application MUST log connections to the network listeners of the container. | R-94525 | |
| CON-LOG-REQ-6 | The container and container application MUST log the addition, deletion or modification of files in the container. | ||
| CON-LOG-REQ-MP05 | The container MUST log lifecycle events | ||
| CON-LOG-REQ-MP06 | Log anonymous requests | ||
| CON-LOG-REQ-MP07 | Container administration services activities and executed commands MUST be logged. (e.g., Build requests, Runtime commands) (Available in docker Daemon Logs) | T1609, T1612 | |
| CON-LOG-REQ-MP08 | The container MUST log API calls (such as: syscalls, those that deploy containers, Discovery API). (Available in docker daemon log). | T1610, T1204, T1611, T1068, T1552, T1613, T1525 | |
| CON-LOG-REQ-MP09 | The container MUST log creation of scheduled jobs in containers. ( Available at the K8S level) | T1053 | |
| CON-LOG-REQ-MP10 | Image registry events MUST be logged (e.g., additions) | T1204 | |
Overview
Content Tools