Collect logs to remote data storage
Info
ID: MS-M9020
MITRE mitigation: M1029
Collect the Kubernetes and application logs of pods to external data storage to protect them from tampering or deletion. This can be achieved with various open-source tools, such as Fluentd. Managed clusters also offer built-in cloud solutions, such as Container Insights and Log Analytics in AKS and Cloud Logging in GKE.
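A Fluentd configuration sketch for the container-log part of this mitigation, added here as an illustration and not part of the original matrix entry. The collector host `logs.example.internal`, the `FORWARD_SHARED_KEY` environment variable and all file paths are assumptions, as is the setup: Fluentd running as a DaemonSet with the node's `/var/log` mounted read-only, a writable `/var/lib/fluentd` volume, and a containerd (CRI) log format.

```fluentd
# Added example: ship container logs off the node as they are written,
# so clearing the files on the node does not remove the remote copy.
<source>
  @type tail
  # Standard kubelet symlink location for container stdout/stderr logs
  path /var/log/containers/*.log
  # Position file lives on a writable volume (assumed path), not in /var/log
  pos_file /var/lib/fluentd/containers.log.pos
  tag kubernetes.*
  read_from_head true
  <parse>
    # CRI line format: <timestamp> <stream> <P|F> <message>
    @type regexp
    expression /^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>[^ ]*) (?<log>.*)$/
    time_format %Y-%m-%dT%H:%M:%S.%N%z
  </parse>
</source>

<match kubernetes.**>
  @type forward
  # Encrypt and authenticate the hop to the external collector
  transport tls
  tls_verify_hostname true
  # CA bundle path is an assumption
  tls_cert_path /etc/fluentd/certs/ca.crt
  # Wait for the collector to acknowledge each chunk before dropping it
  require_ack_response true
  <security>
    self_hostname "#{Socket.gethostname}"
    # Shared key injected from a Kubernetes Secret (assumed variable name)
    shared_key "#{ENV['FORWARD_SHARED_KEY']}"
  </security>
  <server>
    # Hypothetical collector outside the cluster
    host logs.example.internal
    port 24224
  </server>
  <buffer>
    # Disk-backed buffer keeps unsent chunks across a Fluentd restart
    @type file
    path /var/lib/fluentd/buffer/kubernetes
    flush_interval 5s
    retry_forever true
    overflow_action block
  </buffer>
</match>
```

A short `flush_interval` narrows the window in which logs exist only on the node. Kubernetes events are API objects rather than files, so this configuration covers container logs only and events need a separate exporter.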
Techniques Addressed by Mitigation
ID | Name | Use |
---|---|---|
MS-TA9021 | Clear container logs | Collect container logs to a separate storage system. |
MS-TA9022 | Delete Kubernetes events | Collect Kubernetes logs to a separate storage system. |