Question

Are log data and audit logs in Panther protected from deletion, modification, or tampering?

Answer

Yes, Panther implements multiple security controls to ensure the integrity and immutability of log data and audit logs:

• Append-only Architecture: Log data in Panther is append-only by design. Once logs are ingested, they cannot be modified or overwritten. Does Panther allow logs to be overwritten or does it append-only?

• Controlled Deletion Process: Customers cannot directly delete logs. Any log deletion requests must be processed through Panther's support or engineering team and are only granted under specific, auditable circumstances. How do I update or delete log data from Panther?

• Version Control: All log data is stored in Amazon S3 with versioning enabled, maintaining an immutable audit trail. If a log object is modified, previous versions are preserved, providing evidence of any tampering attempts.

• Access Controls: Strict access controls are applied to storage buckets, ensuring only authorized services and personnel can access the log data.

These security measures ensure that security logs and audit records maintain their integrity and are managed under strict internal procedures.