How Do I Enable the API Server Audit for an On-Premises Kubernetes Container? What Do I Do If the Container Cluster Protection Plug-in Fails to Be Uninstalled? What Do I Do If the Cluster Connection Component (ANP-Agent) Failed to Be Deployed?
Audit and Logging Cloud Trace Service (CTS) keeps track of user activities and resource changes on your cloud resources. It helps you collect, store, and query operational records for security analysis, audit and compliance, and fault location.
Container Audit Container Audit Overview Viewing Container Audit Logs Parent Topic: Security Operations
Querying the Audit Log List of the Kubernetes Cluster Function This API is used to query the audit log list of the Kubernetes cluster. Calling Method For details, see Calling APIs.
Container Audit Overview What Is Container Audit?
On the displayed slide-out panel on the right, you can view the audit description, suggestion, and affected images of the check item. Password Complexity Policy Risks Check Affected Images and Policy Risks, and modify your password complexity policies based on Suggestion.
Security Shared Responsibilities Certificates Asset Identification and Management Identity Authentication and Access Control Data Protection Technologies Audit and Logging Service Resilience Risk Monitoring
You can use these traces to perform security analysis, track resource changes, audit compliance, backtrack problems, and locate faults. CTS records operations on HSS resources.
Table 1 Required permissions on other cloud service resources Function Required Permission Cloud Service Permission Usage Permission Action Container audit (image repository audit) CTSOperatePolicy Query audit events cts:trace:list Obtain image operation logs (CTS logs of SWR).
Security Operations Policy Management Handling History Container Audit Security Report Free Health Check Monthly Operation Summary
CCE Integrated Protection Configuration Querying the Number of Cluster Assets Obtaining Some Prompt Information Synchronizing Cluster Protection Events Querying the Cluster Component Protection Policy Templates Querying a Cluster Component Protection Policy Template Querying the Audit
Related Services You can use SMN to receive alarm notifications, IAM service to manage user permissions, and Cloud Trace Service (CTS) to audit user behaviors.
A report will be retained for six months after generation to meet DJCP MLPS and audit requirements. Security Report Description By default, weekly and monthly reports are preconfigured in HSS.
Viewing Container Audit Logs Scenario This section describes how to view container audit logs. Viewing Container Audit Logs Log in to the HSS console. Click in the upper left corner and select a region or project.
--audit-log-maxage: maximum number of days for storing old audit log files. --audit-log-maxbackup: maximum number of retained audit log files.
Container Audit Overview Viewing Container Audit Logs Monthly Operation Summary On the first day of each month, HSS generates a security operations summary report for the previous month.
Security audit Periodically perform baseline checks on servers and containers to detect and rectify non-compliant system configurations in a timely manner, ensuring system security and reducing intrusion risks. Usage Process Table 1 Usage process No.
The value of X-Subject-Token in the response header is a token. region No String Region ID Response Parameters Status code: 200 Table 4 Response body parameters Parameter Type Description description String Check item description reference String Reference audit String Audit description
Modifying unsafe configuration items View details about a detection rule, verify the detection result based on the audit description, and handle the exception based on the modification recommendation.