Cortex XDR + CDL - Raw Log file integrity and tamper protection

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cortex XDR + CDL - Raw Log file integrity and tamper protection

L0 Member



I have been digging through various Cortex documentations to find explicit language around log integrity, tamper protection of logs from administrators. I am aware that RAW Logs are not accessible to tenant admins however, could you point me in the direction of any documents that explicitly state that all logs ingested by XDR and Data Lake are adequately protected from write and deletion?  If there is a setting within in Cortex, that is also acceptable.


This is a common question that we have to address in various audits including ISO 27001. Any guidance on this topic is appreciated. Thank you.


L5 Sessionator

Hi @SaratMuddu please take a look at the SOC2 compliance reports for XDR and see if it meets your need. If you're not able to retrieve the report, reach out to your Sales rep to be able to assist you with one.


As far as the logs are considered, it is read-only from XQL. Tenants don't have access to the underlying infrastructure that hosts the data at rest.

  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!