Immutable logging means security and system records are written so they cannot be quietly edited or deleted after the fact. In practice, logs may be stored in append-only databases, WORM storage, or cloud services with retention locks and strict access controls. This matters because logs are often the first reliable evidence of what happened on a host, account, or network path.
For defenders, immutable logs support incident response, forensics, and compliance by preserving a trustworthy timeline of logins, privilege changes, process launches, and API calls. Attackers often try to erase or alter logs after gaining access, so tamper resistance helps detect intrusion, prove scope, and prevent cover-up. Good immutable logging is usually paired with centralized collection, separate admin credentials, and alerting on missing logs or unusual gaps in the record.
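One way to check a log for edits, deletions and gaps, as an added example that is not from the original page: each record carries a SHA-256 hash chained to its predecessor, a technique the page does not name. The record fields, function names, the 300-second gap threshold and the sample events are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # anchor value used as the "previous hash" of record 1

def record_hash(seq, ts, event, prev):
    body = json.dumps([seq, ts, event, prev], separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def append(log, ts, event):
    """Append a record whose hash covers its content and the previous hash."""
    prev = log[-1]["hash"] if log else GENESIS
    seq = len(log) + 1
    log.append({"seq": seq, "ts": ts, "event": event, "prev": prev,
                "hash": record_hash(seq, ts, event, prev)})

def verify(log, max_gap_s=300, expected_head=None):
    """Return (seq, finding) pairs for edits, deletions and quiet periods."""
    findings = []
    prev_hash, prev_seq, prev_ts = GENESIS, 0, None
    for rec in log:
        if rec["seq"] != prev_seq + 1:
            findings.append((rec["seq"], "sequence_gap"))    # record(s) removed
        if rec["prev"] != prev_hash:
            findings.append((rec["seq"], "chain_break"))     # predecessor changed
        if record_hash(rec["seq"], rec["ts"], rec["event"], rec["prev"]) != rec["hash"]:
            findings.append((rec["seq"], "content_edited"))  # edited after write
        if prev_ts is not None and rec["ts"] - prev_ts > max_gap_s:
            findings.append((rec["seq"], "time_gap"))        # unusual silence
        prev_hash, prev_seq, prev_ts = rec["hash"], rec["seq"], rec["ts"]
    # The head hash must be stored outside the log (assumed: central collector).
    if expected_head is not None and prev_hash != expected_head:
        findings.append((prev_seq, "head_mismatch"))         # tail cut or rewritten
    return findings

def sample_log():
    """Constructed sample events, one every 30 seconds."""
    log = []
    events = ["login user=alice", "privilege change user=alice role=admin",
              "process launch /usr/bin/curl", "api call ListBuckets",
              "logout user=alice"]
    for i, event in enumerate(events):
        append(log, 1000 + 30 * i, event)
    return log

if __name__ == "__main__":
    log = sample_log()
    head = log[-1]["hash"]
    del log[1]  # simulate a deleted privilege-change record
    print(verify(log, expected_head=head))
```

The head hash only exposes a full rewrite of the chain if it is kept where the log writer's credentials cannot reach it.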



