If we select Auditing box we will get the following description
Create a single rule in the audit policy that will record events for the ‘two’ objects depicting abnormal behaviour in the ‘citadel’ namespace. This rule should however be applied to all ‘three’ namespaces shown in the diagram at a ‘metadata’ level. Omit the ‘RequestReceived’ stage.
It’s totally unclear what does mean ‘two’ objects. Also it’s really confusing that at the beginning you are talking about one specific namespace, and later you are referencing to 3 namespaces
We do call it a challenge for a reason. Two types of things are changing very frequently in the citadel namespace; you can use a version of the audit policy that does not specify the kind of object to find them. Give it a try; if you can’t figure it out, I’ll point you to the answer.
But there is no hints that I have to take a look on a very frequently changing objects. Maybe you should put a hint something like - “Create a single rule in the audit policy that will record events for the ‘two’ objects depicting abnormal behaviour (frequently changing) in the ‘citadel’ namespace”
The challenge does mention changing items in the citadel namespace. In the main description:
For example, in the citadel namespace, the application called webapp-color is constantly changing! You can see this for yourself by clicking on the citadel-webapp link and refreshing the page every 30 seconds. Similarly there are other issues with several other objects in other namespaces.
This you can find by creating an auditing policy that watches for deletion of resources in that namespace. Once you create such an auditing policy, the items that are getting touched will pop out immediately.
If you’re still stuck: the course repo does have the solution for this challenge. But try to write my suggested audit policy first, since it’s something that you might have to do in a CKS exam, or in the killer.sh simulation (which you should also do in preparation for the exam).
I already solved the challenge. My complaint was about frustrated and unclear audit task description, imho
1 Like