I have been thinking about how google is assures log data post ingestion is stored in an immutable state for assurance from data security viewpoint. I tried searching for SecOps documentation but unable to find a straightforward statement.
Also, once data is stored, is there a way one could delete/alter the data, if one has an appropriate permission to do so. And how to keep a tap to such actions.?
Question
Data security for Security log data ingested in Google Chronicle SIEM.
+3- Bronze 2
+8- Bronze 2
Hello, please review the following reference, which may help answer your questions:
https://docs.cloud.google.com/chronicle/docs/about/data-retention
+3- Bronze 2
Hi,
Thanks for the help. The article has been helpful to understand the data retention options.
Still, it lacks providing clarity on the tamper-proof mechanism applied on data during the retention period.
+2- Bronze 2
Hi,
I think regarding the tamper-proof mechanism, you can refer to the Service Terms under:
1. Google Security Operations → c. → (ii)
https://cloud.google.com/terms/secops/service-terms?hl=en
Login to the community
Login with SSO
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.