Tamper Proof Use Case

the tamper proof feature can be accessed in log screens, such as session logs, http proxy logs, activity logs, command logs, authentication logs, event logs, and video logs navigate to logging > user auth logs select show tamper proof status and filter other parameters, as needed click the search button to list all the results the list includes an extra column called tamper proof , which represents the status of each log record if the log record is tagged as original , there are no changes if the log record is tagged as tampered , it means that he log record has somehow been changed in the database by a malicious user if there is any undue modification of log record name, time, client ip, hash info etc , the tamper proof mechanism identifies it and flags it as tampered if the log record is tagged as unknown , it has not yet been hashed by the batch process once it is hashed in the background, its status will be updated to original or tampered any user searches of the log record with tamper proof status will be recorded as an activity log, as illustrated in the figure below set the event type filter as /log/activity log/search tamper proof/ and click search to see the results information on which users searched for tamper proof status includes time, instance name, event type, and event parameters information