IR Analyst

Draft formal log requests to third-party vendors and managed service providers (MSPs), specify required timeframes and log types, and coordinate secure transfer of evidence.

Actions

  1. Identify which third-party vendors hold relevant logs: ISP flow data, cloud hosting provider logs, SaaS application audit trails, MSP monitoring data, CDN/WAF provider logs.
  2. Draft a formal log preservation and production request specifying: timeframe (T-30d to present), log types needed, format requirements (CSV, JSON, syslog), and delivery method (SFTP, encrypted email).
  3. Include in the request: case reference number, legal basis for the request (contract clause, legal process), contact person, and urgency level.
  4. Verify received logs: check timeframe coverage, format compatibility with analysis tools, and data completeness.
  5. Parse and integrate third-party logs into the investigation timeline. Correlate timestamps (accounting for timezone differences).
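
A sketch of steps 4 and 5, added here as an example and not part of the original playbook: it normalizes vendor timestamps to UTC, rejects records that cannot be placed on the timeline, and flags gaps in the requested window. The JSON-lines layout, the `ts` field name, the 3-day window (shortened from T-30d to keep the sample small) and the 24-hour gap threshold are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of a vendor JSON-lines export (hypothetical "ts" field):
# mixed UTC offsets, one timestamp without an offset, one truncated record.
SAMPLE = """\
{"ts": "2024-05-03T20:00:00+00:00", "event": "logout"}
{"ts": "2024-05-01T10:00:00-05:00", "event": "login"}
{"ts": "2024-05-01T02:00:00+02:00", "event": "config_change"}
{"ts": "2024-05-02 09:00:00", "event": "login"}
{"ts": "2024-05-02T11:00:00+00:00", "event": "lo
"""

# Assumed request window and the longest silence tolerated between records.
START = datetime(2024, 5, 1, tzinfo=timezone.utc)
END = datetime(2024, 5, 4, tzinfo=timezone.utc)
MAX_GAP = timedelta(hours=24)

def to_utc(ts):
    """Parse an ISO 8601 timestamp; refuse values with no UTC offset."""
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        raise ValueError("no UTC offset; confirm the timezone with the vendor")
    return dt.astimezone(timezone.utc)

def verify_coverage(lines, start, end, max_gap):
    """Return UTC-sorted events, rejected line numbers, and coverage gaps."""
    events, rejects = [], []
    for n, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
            events.append((to_utc(rec["ts"]), rec))
        except (ValueError, KeyError, TypeError) as exc:
            rejects.append((n, str(exc)))  # keep for the follow-up request
    events.sort(key=lambda e: e[0])
    # Bracket in-window timestamps with the window edges so that missing
    # data at the start or end of the period also shows up as a gap.
    points = [start] + [t for t, _ in events if start <= t <= end] + [end]
    gaps = [(a, b) for a, b in zip(points, points[1:]) if b - a > max_gap]
    return {"events": events, "rejects": rejects, "gaps": gaps}

if __name__ == "__main__":
    result = verify_coverage(SAMPLE.splitlines(), START, END, MAX_GAP)
    for a, b in result["gaps"]:
        print(f"gap: {a.isoformat()} -> {b.isoformat()}")
    for n, why in result["rejects"]:
        print(f"rejected line {n}: {why}")
```

Rejected lines and gaps are the inputs for a follow-up request to the vendor; records without an offset are not guessed at, since a wrong assumption shifts them on the timeline.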

Queries

Review vendor contracts and SLAs for log retention periods and incident response support obligations.

Notes

  • Third-party log requests can take days or weeks. Submit requests as early as possible in the investigation.
  • Some vendors may require a subpoena or court order for certain log types. Coordinate with Legal.