In the Administration → Events section, Kaspersky Container Security displays the events that have occurred. You can use these events for informational purposes, to track ongoing processes, to analyze security threats, and to determine the cause of solution failures.
Kaspersky Container Security displays the following types of events:
Audit events. This group of events includes user activity audit data, such as information about configured settings of the solution, user authentications, changes in groups, and modifications or deletion of information within the solution.
Solution operating results. These events include alerts about a triggered response policy.
Records of the internal operations of solution applications.
Kaspersky Container Security shows the following security event categories:
Administration — all events related to solution administration are logged.
Policies (scanner policies, assurance policies, response policies, runtime policies) — events related to compliance or non-compliance of an image with applicable policies.
Malware — events that occur when malware is detected during a scan of images.
Sensitive data — events related to the detection of exposed sensitive data during a scan (for example, scanned images and functions).
Non-compliance — the following events are recorded:
Detection of non-compliant images.
Functions that do not comply with requirements, and runtime implementation of these functions.
Nodes that do not comply with requirements, and runtime actions of these nodes.
A list of security events is displayed for a specific period. You can select one of the provided options or define your own time period. For any period you select, the time count begins from the current day. Events for the last week are displayed by default.
Kaspersky Container Security displays the events that occurred during scans. The events are displayed as a table for the following event categories:
Administration.
Alerts.
CI/CD.
Policies.
Resources.
Scanners.
Admission controller.
API.
Healthcheck.
The security event log of Kaspersky Container Security is maintained and stored in PostgreSQL and does not have data protection mechanisms.