1.14-Request Logs

Task

Request for logs from mission owner

Conditions

Standards

An IR Team should immediately request at least 30 days of logs from the Internet Access Provider (IAP), as well as logs from the organization's proxy firewall, Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), and host/network sensors. Ideally, the organization has 180 days of logs, but frequently most of the data is overwritten in less than 30 days.

End State

Notes

Manual Steps

Running Script

Dependencies

Other available tools

References

Revision History