All audit records must identify any containers associated with the event within the container platform.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-233048	SRG-APP-000100	SRG-APP-000100-CTR-000200	SV-233048r960906_rule	2024-12-05	2

Description
Without information that establishes the identity of the containers offering user services or running on behalf of a user within the platform associated with audit events, security personnel cannot determine responsibility for potentially harmful events.

ℹ️ Check
Review the container platform configuration to determine if it is configured to generate audit records that contain the component information that generated the audit record. Generate audit records and review the data to determine if records are generated containing the component information that generated the record. If the container platform is not configured to generate audit records containing the component information or records are generated that do not contain the component information that generated the record, this is a finding.

ℹ️ Check

Review the container platform configuration to determine if it is configured to generate audit records that contain the component information that generated the audit record. Generate audit records and review the data to determine if records are generated containing the component information that generated the record. If the container platform is not configured to generate audit records containing the component information or records are generated that do not contain the component information that generated the record, this is a finding.

✔️ Fix
Configure the container platform to include the component information that generated the audit record.