Kubernetes audit logging with admission controller

Kubernetes log integration enables IBM Cloud® Security and Compliance Center Workload Protection to use Kubernetes audit log data for Falco Rules and activity auditing. Integration allows auditing of the creation and destruction of pods, services, deployments, and daemon sets. Creating, updating, and removing config maps or secrets and attempts to subscribe to changes to any endpoint are also monitored.

IBM Cloud Security and Compliance Center Workload Protection implements Sysdig Secure functionality. Information that is provided by the Sysdig Secure documentation applies to Workload Protection as well.

For more information, see Kubernetes audit logging