Repudiation
At a very high level, repudiation is casting doubt on something. Non-repudiation is providing proof about something. In the context of information security, non-repudiation is proving that certain actions were carried out by certain individuals.
Digging a little deeper, non-repudiation includes the ability to prove:
- What happened
- When it happened
- Who made it happen
- Where it happened
- Why it happened
- How it happened
Answering the last two usually requires the correlation of several events over a period of time.
Fortunately, auditing Kubernetes API server events can usually help answer these questions. The following is an example of an API server audit event (you may need to manually enable auditing on your API server).
{ "kind":"Event", "apiVersion":"audit.k8s.io/v1", "metadata":{ "creationTimestamp":"2019-03-03T10:10:00Z" }, "level":"Metadata...