diff --git a/files/etc/kubernetes/policies/audit-policy.yaml b/files/etc/kubernetes/policies/audit-policy.yaml
index 25b8fd0..9067920 100644
--- a/files/etc/kubernetes/policies/audit-policy.yaml
+++ b/files/etc/kubernetes/policies/audit-policy.yaml
@@ -10,7 +10,15 @@ rules:
     - group: ""
       # Resource "pods" doesn't match requests to any subresource of pods,
       # which is consistent with the RBAC policy.
-      resources: ["pods"]
+      resources: ["pods", "deployments"]
+
+  - level: RequestResponse
+    resources:
+    - group: "rbac.authorization.k8s.io"
+      # Resource "pods" doesn't match requests to any subresource of pods,
+      # which is consistent with the RBAC policy.
+      resources: ["clusterroles", "clusterrolebindings"]
+
   # Log "pods/log", "pods/status" at Metadata level
   - level: Metadata
     resources:
@@ -48,11 +56,17 @@ rules:
     # The empty string "" can be used to select non-namespaced resources.
     namespaces: ["kube-system"]
 
-  # Log configmap and secret changes in all other namespaces at the Metadata level.
+  # Log configmap changes in all other namespaces at the RequestResponse level.
+  - level: RequestResponse
+    resources:
+    - group: "" # core API group
+      resources: ["configmaps"]
+
+  # Log secret changes in all other namespaces at the Metadata level.
   - level: Metadata
     resources:
     - group: "" # core API group
-      resources: ["secrets", "configmaps"]
+      resources: ["secrets"]
 
   # Log all other resources in core and extensions at the Request level.
   - level: Request
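Review bot: `deployments` is added to the `group: ""` entry, but Deployments are served from the `apps` API group, not the core group, so that entry will never match a Deployment request and those requests keep falling through to whichever later rule catches them. The fix is a sibling entry under the same `resources:` list: `- group: "apps"` followed by `resources: ["deployments"]`. The new RBAC rule also carries the pods-subresource comment verbatim, which says nothing about ClusterRoles and should be replaced with something like `# Capture full bodies of cluster-scoped RBAC changes for privilege-escalation review.`, and it covers only cluster-scoped objects while a namespaced RoleBinding can grant the same privileges by referencing a ClusterRole, so `resources: ["clusterroles", "clusterrolebindings", "roles", "rolebindings"]` is the safer set. The `- level:` rule that the `group: ""` entry belongs to starts above this hunk.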
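Review bot: The new `RequestResponse` rule for `configmaps` has no `verbs` filter, so despite the comment saying "changes" it also matches get, list and watch, and at RequestResponse level a list or watch response serializes the body of every ConfigMap in the namespace into the audit log. ConfigMaps in practice often hold credentials that should have been Secrets, so this silently moves that data into the audit pipeline, which is usually less protected than etcd. If change tracking is the goal, add `verbs: ["create", "update", "patch", "delete"]` to the rule; if reads must be covered too, `Request` level records the submitted object without dumping list responses. The rule order in this hunk is fine as written, since the kube-system rule above it still matches first for that namespace.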