I have been digging through various Cortex documentations to find explicit language around log integrity, tamper protection of logs from administrators. I am aware that RAW Logs are not accessible to tenant admins however, could you point me in the direction of any documents that explicitly state that all logs ingested by XDR and Data Lake are adequately protected from write and deletion? If there is a setting within in Cortex, that is also acceptable.
This is a common question that we have to address in various audits including ISO 27001. Any guidance on this topic is appreciated. Thank you.
Hi @SaratMuddu please take a look at the SOC2 compliance reports for XDR and see if it meets your need. If you're not able to retrieve the report, reach out to your Sales rep to be able to assist you with one.
As far as the logs are considered, it is read-only from XQL. Tenants don't have access to the underlying infrastructure that hosts the data at rest.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!