Skip to content

Collect logs to remote data storage

Info

ID: MS-M9020
MITRE mitigation: M1029

Collect the Kubernetes and application logs of pods to external data storage to avoid tampering or deletion. This can be achieved by various open-source tools such as Fluentd. Also, built-in cloud solutions are available for managed clusters, such as Container Insights and Log Analytics in AKS and Cloud Logging in GKE.

Techniques Addressed by Mitigation

ID Name Use
MS-TA9021 Clear container logs Collect container logs to a separate storage system.
MS-TA9022 Delete Kubernetes events Collect Kubernetes logs to a separate storage system.