Detective
Definition
In the context of cybersecurity, "Detective" refers to controls and mechanisms designed to identify and report security incidents, policy violations, or unauthorized activities within a system or network. Unlike preventive controls, which block an action, detective controls record and surface it: audit logging, intrusion detection, file integrity monitoring, and alerting on anomalous activity are typical examples. They are essential for monitoring, logging, and alerting on suspicious activity, and their value depends on what they capture, since an event that is never recorded cannot be detected, investigated, or used as evidence during incident response.
Secure Settings Example
# Example of a secure logging configuration in a Kubernetes environment.
# kube-apiserver reads the policy from the path given by --audit-policy-file;
# it does not read this ConfigMap by itself, so the file must also be placed on
# the control-plane node (or mounted into the kube-apiserver static pod).
apiVersion: v1
kind: ConfigMap
metadata:
  name: audit-log-config
  namespace: kube-system
data:
  audit-policy.yaml: |
    apiVersion: audit.k8s.io/v1
    kind: Policy
    rules:
      # Rules are evaluated in order; the first matching rule sets the level.
      - level: Metadata
        resources:
          - group: ""
            resources: ["pods", "services"]
      # RBAC changes are recorded with full request and response bodies.
      - level: RequestResponse
        resources:
          - group: "rbac.authorization.k8s.io"
            resources: ["roles", "rolebindings"]
      # A request that matches no rule is not logged at all, so end with a
      # catch-all that at least records who did what to which resource.
      - level: Metadata
Insecure Settings Example
# Example of an insecure logging configuration with insufficient detail.
# A rule with level None and no selectors matches every request, so the
# API server records nothing: no trace of RBAC changes, secret reads, or exec.
apiVersion: v1
kind: ConfigMap
metadata:
  name: audit-log-config
  namespace: kube-system
data:
  audit-policy.yaml: |
    apiVersion: audit.k8s.io/v1
    kind: Policy
    rules:
      - level: None
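The definition above and the two audit policies illustrate the same point: a detective control only sees what it is configured to record. The following script is an added example, not code from the original page or from the Kubernetes project. It re-implements the first-matching-rule semantics that kube-apiserver applies to an audit Policy for the subset of fields used on this page (level, resources with group and resources, plus verbs), assumes, as the apiserver does, that a request matching no rule is not logged (level None), and transcribes the page's two policies as Python dicts so it runs without a YAML library. The sample requests are constructed, not captured from a cluster.

```python
"""Evaluate which audit level a Kubernetes audit policy assigns to a request.

Added example, not part of the original page. Minimal re-implementation of
the apiserver's first-matching-rule evaluation for the policy fields used on
this page (level, resources[group, resources], verbs). Other selectors such as
users, namespaces, nonResourceURLs and omitStages are not supported here.
"""

# The two policies from the page, transcribed as dicts (no PyYAML needed).
SECURE_POLICY = {
    "rules": [
        {"level": "Metadata",
         "resources": [{"group": "", "resources": ["pods", "services"]}]},
        {"level": "RequestResponse",
         "resources": [{"group": "rbac.authorization.k8s.io",
                        "resources": ["roles", "rolebindings"]}]},
    ]
}

INSECURE_POLICY = {"rules": [{"level": "None"}]}


def _rule_matches(rule, request):
    """Return True if every selector present in the rule matches the request.

    A rule with no selectors at all (like the insecure policy's single rule)
    matches every request.
    """
    if "verbs" in rule and request["verb"] not in rule["verbs"]:
        return False
    if "resources" in rule:
        # Match if at least one group/resources entry covers the request.
        # group "" is the core API group; an entry without a resources list
        # matches every resource in that group.
        for entry in rule["resources"]:
            group_ok = entry.get("group", "") == request.get("group", "")
            names = entry.get("resources")
            resource_ok = names is None or request["resource"] in names
            if group_ok and resource_ok:
                break
        else:
            return False
    return True


def audit_level(policy, request):
    """First matching rule wins; a request matching no rule is not logged."""
    for rule in policy["rules"]:
        if _rule_matches(rule, request):
            return rule["level"]
    return "None"


def unlogged_requests(policy, requests):
    """Return the requests the policy would silently drop (level None)."""
    return [r for r in requests if audit_level(policy, r) == "None"]


# Constructed sample requests (not captured from a real cluster).
SAMPLE_REQUESTS = [
    {"verb": "get", "group": "", "resource": "pods"},
    {"verb": "create", "group": "rbac.authorization.k8s.io",
     "resource": "rolebindings"},
    {"verb": "get", "group": "", "resource": "secrets"},
    {"verb": "create", "group": "rbac.authorization.k8s.io",
     "resource": "clusterrolebindings"},
]

if __name__ == "__main__":
    for name, policy in (("secure", SECURE_POLICY), ("insecure", INSECURE_POLICY)):
        print(f"== {name} policy ==")
        for req in SAMPLE_REQUESTS:
            target = f"{req['group'] or 'core'}/{req['resource']}"
            print(f"  {req['verb']:7} {target:45} -> {audit_level(policy, req)}")
        dropped = unlogged_requests(policy, SAMPLE_REQUESTS)
        print(f"  not logged: {len(dropped)} of {len(SAMPLE_REQUESTS)}")
```

Running it shows that the insecure policy drops all four requests, and that the page's secure policy, taken exactly as written (without a trailing catch-all rule), still drops the secret read and the clusterrolebinding creation because neither matches a rule. That silent gap is the reason to finish a production policy with a catch-all rule and to check the policy against the requests you actually need to detect.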