Kaspersky Container Security

Security event log

March 27, 2024

ID 255363

In the Administration → Events section, Kaspersky Container Security displays the events that have occurred. You can use them for informational purposes, to track ongoing processes, to analyze security threats, and to determine what caused solution failures.

Kaspersky Container Security displays the following types of events:

  • Audit events. This group of events includes user activity audit data, such as information about configured settings of the solution, user authentications, changes in groups, and modifications or deletion of information within the solution.
  • Solution operating results. These events include alerts about a triggered response policy.
  • Records of the internal operations of solution applications.

Kaspersky Container Security shows the following security event categories:

  • Administration—all events related to solution administration are logged.
  • Policies (scanner policies, assurance policies, response policies, runtime policies) — events related to compliance or non-compliance of an image with applicable policies.
  • Malware — events that occur when malware is detected during a scan of images and nodes.
  • Sensitive data — events related to the detection of exposed sensitive data during a scan (for example, scanned images, functions, and nodes).
  • Non-compliance — the following events are recorded:
    • Detection of non-compliant images.
    • Functions that do not comply with requirements, and runtime implementation of these functions.
    • Nodes that do not comply with requirements, and runtime actions of these nodes.

A list of security events is displayed for a specific period. You can select one of the provided options or define your own time period. For any period you select, the time count begins from the current day. Events for the last week are displayed by default.

Kaspersky Container Security displays the events that occurred during scans. The events are displayed as a table for the following components:

  • Administration.
  • Alerts.
  • CI/CD.
  • Policies.
  • Resources.
  • Runtime.
  • Scanners.

For each event, the table indicates the date and time of the event, IP address of the user, description, and status. The user name is listed for some events, such as those involving Administration, Malware, and Sensitive data categories. The security threat level is also indicated for Alerts. For events related to the Scanners component, the identifiers generated by the solution and the status of the scan jobs are also logged. For Runtime, the mode (Audit or Block), cluster, and deployed pod are indicated.

The security event log of Kaspersky Container Security is maintained and stored in PostgreSQL and does not have data protection mechanisms.
