Commit 26829857 authored by Len MacRae, committed by Ronnie Alfaro

Provide process for urgent customer requests for security logs

parent fb3ed08d
+10 −0
@@ -89,3 +89,13 @@ GitLab Premium or Ultimate plans provide access to the [Audit Events](https://do

- Help the customers get out of a tough situation.
- Ensure that the product provides functionalities that are important to customers.

### How does this process change if the customer requests an urgent response?

1. Advise the customer that the request will be treated as high priority, but as the
   SIRT team has limited resources outside of normal business hours, the updates
   are expected on a 12-hour/business day cadence.
1. The customer should provide the time window, scope, and resources of interest for
   the request.
1. Create the SIRT issue and perform account ownership verification.
1. Consult with the [Support Manager on Call](/handbook/support/on-call/#engaging-the-on-call-manager) if this is not acceptable for the customer. In some circumstances it may be appropriate to engage the [Security Engineer On-Call](/handbook/security/security-operations/sirt/engaging-security-on-call/#engage-the-security-engineer-on-call).
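
Review bot: The cadence in step 1, "a 12-hour/business day cadence", can be read either as an update every 12 hours or as one update per business day, and step 4's "if this is not acceptable for the customer" has no clear antecedent because steps 2 and 3 sit between it and the cadence it presumably refers to. Suggest stating a single interval in step 1 and naming it in step 4, for example "if the update cadence is not acceptable for the customer". Step 4 also says "In some circumstances it may be appropriate" to engage the Security Engineer On-Call without giving a criterion; one sentence on what qualifies would keep that escalation path from being used inconsistently. Minor: "SIRT team" repeats "team".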
+2 −0
@@ -17,6 +17,8 @@ If required, you can escalate the ticket/issue by following our [escalation proc

You can consider using the [kibana workflow](/handbook/support/workflows/kibana/) page for tips on retrieving logs for requests within the last 30 days. Log requests beyond a summary (similar to the examples below) or where logs are not readily available on Kibana should be handled according to the process outlined in the handbook page dedicated to [providing assistance to GitLab.com customers during customer-based security incidents](/handbook/security/customer-requests/). GitLab's Security Incident Response Team handles complex, extensive requests according to an internal [runbook](https://internal.gitlab.com/handbook/security/cross_functional_runbooks/customer_security_incidents/) for customer response operations.

If the customer has raised an emergency request for logs in relation to a security incident, first verify that the customer has revoked or changed any potentially affected tokens and passwords to prevent any additional unintended access. In most cases, the emergency ticket should be downgraded to high priority and handled with the [providing assistance to GitLab.com customers during customer-based security incidents](/handbook/security/customer-requests/) process. Review with the [Support Manager on Call](/handbook/support/on-call/#engaging-the-on-call-manager) if the customer requests a more urgent response.

### Who can make a request

#### Paid Subscriptions
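
Review bot: "In most cases" in the added paragraph gives the support engineer no criterion for when an emergency ticket should not be downgraded to high priority, so the call is left to individual judgement in the middle of an incident. Suggest naming the exceptions, or linking to the "How does this process change if the customer requests an urgent response?" section added in this commit's other file instead of repeating the general page link. The first instruction, "verify that the customer has revoked or changed any potentially affected tokens and passwords", also does not say what counts as verification; if the customer's confirmation in the ticket is sufficient, state that.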