How to satisfy this control?
Long story short: company went through a review for ISO 27001 and was recommended to employ a SIEM.
We're using Symantec for our Anti-Virus and I'm thinking I might be able to find something that supports the SIEM functionality from them.
There's just one problem: the auditor said the SIEM must support some protection of logs that include tampering from admins.
In my mind, I don't know how that would be possible considering we're to be the ones to set it up in the first place. We're holding all the keys.