In the Microsoft documentation, it states... "Microsoft reduces the risk of sending update files over an unencrypted channel by signing each update. In addition, a hash is computed and sent together with the metadata for each update. When an update is downloaded, WSUS checks the digital signature and hash. If the update has been changed, it is not installed."
How can I obtain evidence from our WSUS server that this is occurring for an audit?
