Why are immutable logs important for CDX auditing?

Prepare for the CDX 182A Exam with comprehensive flashcards and multiple choice questions, each complete with hints and thorough explanations. Ace your test with our well-structured study materials!

Multiple Choice

Why are immutable logs important for CDX auditing?

Explanation:
Immutable logs are essential for CDX auditing because they create an unalterable, tamper-evident record of what happened in the system. Once an event is written, you can't modify or delete it without leaving a trace, so auditors can trust the history of user actions, data access, and configuration changes. This integrity is supported by techniques like append-only storage, cryptographic hashes linking entries, and time-stamped seals, which make any attempt to alter the log detectable. With such a reliable trail, organizations can verify policy compliance, investigate incidents, and meet regulatory requirements. Logs that could be altered or are optional would undermine accountability and transparency, and focusing only on errors misses the broader activities that matter for auditing.
