Routine tasks in the Unified Portal

To help with risk tracking and remediation, Arctic Wolf recommends that you complete these tasks on a semi-regular basis:

Task

Recommended frequency

Review unresolved risks

Weekly or monthly

Review the state of risks

Weekly or monthly

Review your scan exclusion list

Monthly

Review assets

Monthly or quarterly

Review scanner health

Monthly or quarterly

Monitor your progress

Monthly or quarterly

Integrate your data with your workflows

Optional

Review unresolved risks

It is good practice to review your unresolved risks on a weekly or monthly schedule. This helps you to maintain an accurate risk score, provides you with more visibility into your network activity, and helps you to proactively identify and address potential vulnerabilities.

Tip: We recommend that risks with a Risk Severity of Critical be addressed before risks with a Risk Severity of High, Medium, or Low. To help identify these, you can view risks on the All, Group by Vulnerability, and Group by Remediation tabs with the Risk Severity filter set to Critical. For more information, see View risks, and Risks table.
  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Managed Risk > Risks.
    The Risks table displays. For more information, see Risks table.
  3. Click Filters.
  4. In the first filter row, select these options:
    • Columns — Select Status.
    • Operator — Select is.
    • Value — Select Unresolved.
  5. Click + Add filter.
  6. In the second filter row, select these options:
    • Columns — Select State.
    • Operator — Select is any of.
    • Value — Based on the contextual data you need, select one or more options.
  7. Optional: Save the filter set for future use.
    For more information, see Save a filter set.
  8. In the table, review each Unresolved risk to identify the remediation that is required.
    Note:
    • Resolved risks no longer exist after 120 days.
    • 45 days after the risk is last detected, the Status automatically changes to Resolved if the device is offline or is no longer detected, and the Resolution Reason changes to Stale. Resolved risks are removed from the default view and the risk score calculation.

Review the state of risks

On a weekly or monthly basis, review the State of each risk to make sure it is appropriate and to verify that risks are resolved as expected.

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Managed Risk > Risks.
    For more information, see Risks table.
  3. In the Filters section, click Clear Filters, and then configure these settings:
    • Columns —Select Status.
    • Operator — Select is.
    • Value — Select Unresolved.
  4. Review State of each risk, and then do one or more of these actions:
    • Change the risk State as appropriate.
    • For risks that have a State of Fixed or Mitigated and that have had a subsequent scan, contact your Concierge Security® Team (CST) if you think the risk should be resolved, but the Status is not Resolved.

Review your scan exclusion list

To reduce risk to your organization, review your scan exclusions list each month to make sure it only includes exclusions that you need.

Review your scan exclusions list.
For more information, see Configure scan exclusions.

Review assets

On a monthly or quarterly basis, review your assets.

Do these actions:
  • Delete assets — Delete any assets that are no longer needed because they impact your metrics. When deleted, the Asset State changes to Inactive, and then the asset is removed after 120 days.
  • Edit an asset category — When you add a new asset, assign a Category to it that accurately identifies the purpose of the asset.
  • Edit asset criticality — When you add a new asset, assign an Asset Criticality value to it. This value is optional. It displays for any risks that are discovered on an asset and it can help you with risk mitigation planning.
  • Apply a tag to an asset — When you add a new asset, apply tags to it. The tags allow you organize assets into different groups and they help you identify them.

    For more information, see Remove a tag from an asset and Tag management.

  • If you uninstall Agent from an asset that has more than one Source, manually set the State of any risks associated with that Agent to Accepted or Mitigated so the risks do not impact your risk score. You need to do this because when you uninstall Agent from an asset, one these actions occur:
    • If the asset had only Agent as a Source , the Asset State automatically changes to Inactive , and the Status of all associated risks changes to Resolved.
    • If the asset had more than one Source, for example, Agent, IVA, and DHCP, Agent is no longer listed as a Source on the Asset page, the Asset State and risk Status do not change, and the State of any risks associated with the Agent does not change so the State must be manually set.

Review scanner health

Each month or quarter, review scanning health:
Note: When a scanner is disconnected, Arctic Wolf sends you a ticket in the Unified Portal, so that you know when it was disconnected. For more information, see View tickets.

Monitor your progress

On an ongoing basis you should monitor the vulnerabilities in your environment to identify your risk remediation state and progress.

Complete these tasks on a regular basis:
  • Review your Risk Exposure Score — Your Risk Exposure Score indicates how at risk your network environment is. It is a weighted average of the scores of all unresolved risks in your network at a particular time. The Risk Exposure Score updates automatically when new risks are found, existing risks are mitigated or accepted, or when the Common Vulnerability Scoring System (CVSS) score for the existing risks change.

    Evaluate your Risk Exposure Score on a monthly or quarterly basis, and note the risks that impact your risk score the most. Risks with a high score affect your Risk Exposure Score more than risks with a low score.

    For more information, see View your risk score and View assets impacted by remediation.

  • Review the Risk Remediation Trends widget — The graph allows you to view the results of your remediation efforts over a specific time range and compare it with incoming risks. Make sure Unresolved risks line is not flat because this could indicate that scans are not working as expected or that schedules are not configured, and make sure the Resolved risks line is not flat because this can indicate that no new risk remediation has occurred.

    For more information, see View your risk metrics.

Integrate your data with your workflows

Arctic Wolf® provides you with the option of integrating your data with workflows that you currently have at your organization.

Optional: Do these integration tasks:
  • Export remediation data from the Unified Portal so that you can process, share, or import it into other software at your organization.

    For more information, see Export remediation data.

  • If your IT service management (ITSM) solution is integrated with Arctic Wolf, create ITSM tickets for each risk in the Unified Portal.

    For more information, see Create an ITSM ticket for the risks in your organization.