This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
BJ_Brooks
Participant
‎2023-09-25 09:31 AM

Evidence of Log File Integrity

A bit of a strange request... we have to provide evidence to a third party assessor that CP Audit Logs are immutable aka there is some sort of file integrity checking that is performed or something which prevents an admin from modifying a log file. Have not been able to locate any such function in the various admin guides. Has anyone else found a way to do this?

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2023-09-25 10:46 AM

Traffic and Audit logs are stored in a proprietary binary format.
You can only access these logs via expert commands, which should only be provided to trusted administrators.
If you are logging expert commands, then you should be able to prove these files were not tampered with.

0 Kudos
BJ_Brooks
Participant
‎2023-09-25 10:48 AM
In response to PhoneBoy

Thanks for the info. Is there any public documentation which states that?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-09-25 11:06 AM
In response to BJ_Brooks

The only thing I'm aware of that even talks about the log files is: https://support.checkpoint.com/results/sk/sk127972 
I recommend you work with your local Check Point SE or possibly the TAC: https://help.checkpoint.com 

0 Kudos
BJ_Brooks
Participant
‎2023-09-25 11:14 AM
In response to PhoneBoy

Thank you, sir. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events