AU-2 asks for several audit records to be gathered, including "process tracking". While auditd on the Linux hosts audits all the process, we might need to know what process correlates to which workload

Acceptance criteria

• find out if just auditing processes is good enough or if we need to link the process to a workload. Linking the process to a workload can be done with crictl or information in /proc, but it's very user-unfriendly
• find out if crio provides this information for us in some log (ask Sasha)