As far as audit data. Whan an archive file is created , it it is going to be copied to another device for storage. Auditors will want to know how can it be assured that when the archive was no longer on the gateway, how can the integrity of the data be preserved. In Main - Setup - Settings - Default archive settings, you can configure an encrytion key to be used to with the archive file, and you can also have a signing key assigned to it.. The encrytion helps secure the data but if it was somehow tampered with, when you try to load it you will get a signing key mismatch. So both together help ensure the integrity ouside of our system.
As far as the audit data on the gateway, you need to ensure that the audit encrytption has been enabled for the hard disk.
You can follow the procedure listed here to enable it.
https://docs.imperva.com/bundle/v13.6-administration-guide/page/6871.htm------------------------------
David Mazakas
------------------------------
Original Message:
Sent: 11-17-2020 11:13
From: Ho Larry
Subject: Tampering logs in MX/GW
Greetings,
Would like to know if there are supporting documents by Imperva which proves that audit logs in MX/GW cannot be tampered.
#DatabaseActivityMonitoring
------------------------------
Ho Larry
M.Tech Products
Singapore
------------------------------