Cortex XDR + CDL - Raw Log file integrity and tamper protection

SaratMuddu — Mon, 21 Mar 2022 16:11:37 GMT

Hello,

I have been digging through various Cortex documentations to find explicit language around log integrity, tamper protection of logs from administrators. I am aware that RAW Logs are not accessible to tenant admins however, could you point me in the direction of any documents that explicitly state that all logs ingested by XDR and Data Lake are adequately protected from write and deletion? If there is a setting within in Cortex, that is also acceptable.

This is a common question that we have to address in various audits including ISO 27001. Any guidance on this topic is appreciated. Thank you.

Re: Cortex XDR + CDL - Raw Log file integrity and tamper protection

bbarmanroy — Tue, 22 Mar 2022 01:42:21 GMT

Hi @SaratMuddu please take a look at the SOC2 compliance reports for XDR and see if it meets your need. If you're not able to retrieve the report, reach out to your Sales rep to be able to assist you with one.

As far as the logs are considered, it is read-only from XQL. Tenants don't have access to the underlying infrastructure that hosts the data at rest.

topic Re: Cortex XDR + CDL - Raw Log file integrity and tamper protection in Cortex XDR Discussions

Cortex XDR + CDL - Raw Log file integrity and tamper protection

Re: Cortex XDR + CDL - Raw Log file integrity and tamper protection