Asset filters

On the Assets page, you can add or remove filters to refine the risks that appear in the Assets table. You can also create custom filter sets to use later.

Note: Your filters are maintained for each browser tab session. If you open a new browser tab or add new parameters to the URL, the filters reset.

These filters are available:

  • Asset Criticality — The criticality of the asset. This is how important this asset is to the day-to-day operations at your company. The higher the criticality the bigger the business disruption in the event of an incident. Options include: Unassigned, None, Low, Medium, High, and Critical.
    For more information, see Edit asset criticality.
    Note: Editing asset criticality can significantly impact your risk score. For more information, see Risk Exposure Score calculation.
  • Asset State — The state of an asset on the network that Arctic Wolf is receiving a signal from and that has a timestamp within the last 120 days. Options include: Inactive or Active.
  • Category — The category of the asset. This information helps you to identify the purpose of the asset. Some options include: Desktop, Laptop, or Printer.
    Note: If there is not enough information to classify an asset, the asset appears in the Unassigned category.
  • Device Name — Enter a device name to show assets with the specified device name.
  • Hostname — The hostname of the asset.
  • IP Address — The IP address that is associated with the asset.
    Note: It is possible to have more than one asset with the same IP Address because of DHCP behavior. If this occurs, you can ignore or delete the duplicate asset.
  • Last Seen — Enter a time range or select a time option to show assets that had the IP address last verified within that time. Time options include: Past hour, Past 24 hours, Past 72 hours, or Past week. The time range maximum is 120 days.
    Note: This value is not the last time that the asset was online.
  • Last Successful Scan — Enter a time range or select a time option to show assets that had the last complete scan within that time. Options include: Past hour, Past 24 hours, Past 72 hours, or Past week. The time range maximum is 120 days.
  • Low Signal — Assets that have a timestamp, but do not have not enough information for you to identify them in your environment. Options include: Yes or No.
  • MAC Address — The media access control (MAC) address of the asset.
  • Manufacturer — Enter a partial or full manufacturer name to show assets with that manufacturer. For example, Google, Windows, or Apple.
  • NetBIOS — The NetBIOS Name Service (NBNS) of the asset, if available.
  • Operating System — The OS of the asset and, if available, the version. For example, Ubuntu 20.04.6 LTS, openbsd, or Microsoft Windows Server 2019 Essentials 10.0.177/63.
  • OS Type — The type of OS identified on the asset. Options include: Linux, macOS, Windows, or Unknown if a non-standard OS is identified.
  • Risks — The number of risks found by all scanners that were observing the asset.
  • Risk Score — Click a risk score option or select a risk score range to view assets with the specified risk score. Options include: Low, Medium, High, or Critical. The risk score range is from 0 to 10.
  • Sources — The source that discovered the asset. Possible sources include: Agent, IVA, Active Directory, or DHCP.
    Note: DHCP source information for assets is only available to your organization if they subscribe to Managed Detection and Response (MDR) and Aurora Vulnerability Management (Aurora VM) and have DHCP source information enabled. To determine if you have it enabled, see View log sources. To enable DHCP source information for your assets, submit a ticket to your Concierge Security® Team (CST).
  • Tags — Select or deselect options to show assets that have the selected tags associated with them.