Problem Statement
What logging and monitoring should you recommend for cloud and containers to speed detection?
Explanation
Collect cloud API audit logs, IAM authentication events, and network flow logs. In clusters, enable API server audit logs, admission controller logs, and container runtime logs. Correlate events using workload labels and trace IDs so an alert can be tied to a specific service and request. Alert on sensitive actions such as role changes, bucket policies or ACLs that grant public access, and creation of long-lived access keys. Keep logs tamper-resistant by shipping them to write-once storage with a defined retention period.
Code Solution
Alerts: iam:UpdateAssumeRolePolicy, s3:PutBucketAcl with a public grant, k8s ClusterRoleBinding changes
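As an added illustration (not part of the original answer), the detection rules from the alert list above run over constructed, simplified CloudTrail-style and Kubernetes audit records. The event shapes are approximations of the real log formats (assumption); the AWS public grantee URIs and the Kubernetes audit field names are real, while the account id, ARNs, bucket and binding names are constructed sample values. Findings are grouped per actor so a reviewer sees every sensitive action a principal took in one place.

```python
import json

# Real AWS grantee URIs that make an S3 ACL grant world- or all-authenticated-readable.
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _grants_public(params):
    """True if PutBucketAcl request parameters grant public access (canned or explicit)."""
    canned = params.get("x-amz-acl") or []          # CloudTrail records headers as lists
    if isinstance(canned, str):
        canned = [canned]
    if any(v.startswith("public-") for v in canned):
        return True
    acl = params.get("AccessControlPolicy") or {}   # explicit grant list form
    for grant in (acl.get("AccessControlList") or {}).get("Grant") or []:
        if (grant.get("Grantee") or {}).get("URI") in PUBLIC_GRANTEES:
            return True
    return False


def detect_cloudtrail(event):
    """Return alert names triggered by one CloudTrail record (dict)."""
    alerts = []
    source = event.get("eventSource")
    name = event.get("eventName")
    params = event.get("requestParameters") or {}
    if source == "iam.amazonaws.com" and name == "UpdateAssumeRolePolicy":
        alerts.append("iam:UpdateAssumeRolePolicy")
    if source == "iam.amazonaws.com" and name == "CreateAccessKey":
        alerts.append("iam:CreateAccessKey")        # long-lived credential created
    if source == "s3.amazonaws.com" and name == "PutBucketAcl" and _grants_public(params):
        alerts.append("s3:PutBucketAcl public")
    return alerts


def detect_k8s_audit(event):
    """Return alert names triggered by one Kubernetes audit event (dict)."""
    ref = event.get("objectRef") or {}
    if (ref.get("apiGroup") == "rbac.authorization.k8s.io"
            and ref.get("resource") == "clusterrolebindings"
            and event.get("verb") in {"create", "update", "patch", "delete"}
            and event.get("stage") == "ResponseComplete"):  # only completed mutations
        return ["k8s ClusterRoleBinding change"]
    return []


def run(lines):
    """Parse JSON log lines, dispatch by log type, and group alerts by actor identity."""
    findings = {}
    for line in lines:
        ev = json.loads(line)
        if ev.get("kind") == "Event" and "auditID" in ev:        # Kubernetes audit record
            alerts = detect_k8s_audit(ev)
            actor = (ev.get("user") or {}).get("username", "unknown")
        else:                                                    # CloudTrail record
            alerts = detect_cloudtrail(ev)
            actor = (ev.get("userIdentity") or {}).get("arn", "unknown")
        for alert in alerts:
            findings.setdefault(actor, []).append(alert)
    return findings


# Constructed sample events (simplified shapes, not captured from a real account or cluster).
SAMPLE_EVENTS = [
    {"eventSource": "iam.amazonaws.com", "eventName": "UpdateAssumeRolePolicy",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"roleName": "deploy-role"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketAcl",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"bucketName": "team-data", "x-amz-acl": ["public-read"]}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketAcl",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"},
     "requestParameters": {"bucketName": "team-data", "x-amz-acl": ["private"]}},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"},
     "requestParameters": {"userName": "svc-ci"}},
    {"kind": "Event", "auditID": "sample-audit-1", "stage": "ResponseComplete", "verb": "create",
     "user": {"username": "system:serviceaccount:ci:deployer"},
     "objectRef": {"apiGroup": "rbac.authorization.k8s.io",
                   "resource": "clusterrolebindings", "name": "ci-admin"}},
    {"kind": "Event", "auditID": "sample-audit-2", "stage": "ResponseComplete", "verb": "get",
     "user": {"username": "jane"},
     "objectRef": {"apiGroup": "rbac.authorization.k8s.io",
                   "resource": "clusterrolebindings", "name": "ci-admin"}},
]
SAMPLE_LINES = [json.dumps(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for actor, alerts in run(SAMPLE_LINES).items():
        print(actor, "->", ", ".join(alerts))
```

The private-ACL write and the read-only ClusterRoleBinding lookup produce no finding, which is the point of matching on the grant content and on the verb rather than on the API name alone; in production the same rules would be fed from the write-once log store rather than from an in-memory list.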
