InsightIDR log anti-tampering

We are being audited by a client of ours. They want to know what anti-tampering capabilities (log deletion, alteration, etc.) are available in the InsightIDR platform. I am not able to find any documentation for this. Does anyone know?

Are you using the ransomware protection features? If so, there is documentation on the R7 site regarding that, but not log alteration specifically.

This is the piece where we are talking about log immutability: Log Search | InsightIDR Documentation

Once written, logs cannot be changed or altered. However, logs can be deleted if the event source sending those logs is deleted; this is limited to IDR Admins or those with Write permissions in the product and access to Data Collection management.

David

Thanks, I passed along that information to the auditor. Hopefully they will be satisfied with that.