Are raw logs securely stored and unable to be altered after being received?

Study for the Fortinet Network Security Expert (NSE) 5 Exam with flashcards and multiple choice questions. Each question has hints and explanations to help you prepare fully for your exam. Get ready to succeed!

Raw logs generated by network security devices, such as those managed by Fortinet, are designed to be stored in a manner that ensures their integrity and security. When raw logs are received by a logging system, they undergo processes that often include writing them to a secure storage location. This makes it extremely difficult to alter or tamper with the logs once they are recorded. Secure storage methods can include write-once, read-many (WORM) technology or other mechanisms designed to prevent modifications.

Ensuring the integrity of raw logs is fundamental for compliance and for forensic investigation. This default setting in tools like Fortinet's log management systems is aimed at maintaining a reliable and trustworthy audit trail, which is essential for identifying security incidents and analyzing past events.

While some methods may allow temporal or conditional logs to be stored in altered formats or only for limited times, storing raw logs securely and in unmodifiable form is a crucial feature that supports effective security monitoring and incident response.
