How Gateway collects and uses data

For complete information about this product, see the Aurora Endpoint Security docs.

Item

Data collection and use

Administrator account information

Arctic Wolf collects the following information about administrator accounts to authenticate authorized administrators and deliver application alerts:

  • First name
  • Last name
  • Email address
  • Username

User account information

Arctic Wolf collects the following information about user accounts to provide customers with the ability to configure and deploy service:

  • First name
  • Last name
  • Email address
  • Username

Endpoint data
  • Arctic Wolf collects the following device data to give your organization’s administrators visibility into users’ network activity:
    • Hostname
    • OS
    • Last connected date and time
  • The data is accessible to authorized Arctic Wolf support and service management staff.

Collection of endpoint network activity
  • Arctic Wolf collects the following network activity data from endpoint devices to give your organization’s administrators visibility into users’ network activity:
    • DNS activity
    • Destination IP address
    • Destination port
    • TLS certificates
    • Categories of network resources accessed
    • Data transferred
    • Date and time
  • Administrators can take this data into account when they configure risk mitigation policies.
  • The data is accessible to authorized Arctic Wolf support and service management staff.

Identifying alerts and events
  • Arctic Wolf collects the following information about alerts and events to give your organization’s administrators visibility into users’ network activity and potential threats:
    • Risk calculation
    • Risk type
    • Status
    • Username
    • Device name
    • Network destination
    • Action taken
    • Data transferred
    • Detection time
    • Response actions
  • The data is accessible to authorized Arctic Wolf support and service management staff.

Diagnostic information

Arctic Wolf collects the following diagnostic information to support problem reporting and issue resolution:

  • Information about specific problems
  • User provided email address for follow-up
  • Device details
  • User unique identifier
  • Device unique identifier
  • Status
  • Account name

Customer administrative logins

Arctic Wolf collects login activity from administrators or operator of customer tenants (includes date and time, user unique identifier, status, and account name) to audit authentication activity and perform risk management.

Data storage
  • Arctic Wolf uses the data described above to facilitate the performance of the EULA under which Arctic Wolf’s services and products are offered. The data is shared only with necessary third-party services that are needed to fulfill the intended purpose of the services.
  • Arctic Wolf will not sell, lease, or otherwise distribute this information.
  • The endpoint data that is collected is stored in one of the following subprocessors:
    • Amazon Web Services; Asia Pacific (Australia), Europe (Germany), North America (United States), South America (Brazil).
    • Databricks: Asia Pacific (Australia), Europe (Germany), North America (United States).
    • MessageBird (email only): United States

Data retention

Personal data processed Data retention period

Administrator and user account information

Data is stored for the duration of the contract. A customer administrator can remove an individual user’s personal data or initiate a service removal request in the administrative console. Data that is backed up is retained for 90 days after the conclusion of a service agreement.

Endpoint data

Data is retained for as long as registered device is active.

Endpoint network activity

Data is stored for 30 days.

Alerts and events

Data is stored for 30 days.

Diagnostic information

Data is stored for 5 years.

Customer administrative login activity

Data is stored for 1 year.