Our customer wants to know if a Sentinel admin can "manipulate" the raw
logs and if so, is that audited and in a report somewhere. I'm
relatively new at working with our Sentinel system and haven't found
anything yet on this.

I'm guessing I could go in and delete raw logs but is that audited? Not
sure how I could manipulate or change a raw log.


tscislaw's Profile: https://forums.netiq.com/member.php?userid=8043
View this thread: https://forums.netiq.com/showthread.php?t=53605