What is another method of determining whether or not an unauthorized access and modification to network policy is a result of an external or internal threat, when the security audit log has been erased and disabled.
We have already re-enabled thesecurity audit function. I am trying to determine whether the hack was external or internal (physical access).
