Data Explorer license options

Data Explorer is a licensed Managed Detection and Response (MDR) add-on that lets you search analyzed event data. Each license option controls what data is available and whether you can access additional reporting features.

The Arctic Wolf® Unified Portal includes several reporting features that are based on analyzed events. These events are generated as part of the Arctic Wolf MDR service. In Data Explorer, you can search all analyzed events over a specific time period. Data availability is based on your current license.

Note: Your Data Explorer license affects Unified Portal features outside of Data Explorer, such as the time range options that appear in home page widgets and dashboards.

A full Data Explorer license has one of these data availability options: 14 days, 30 days, or 90 days. A full license grants you the ability to:
  • View observations related to an analyzed event — For more information, see Observation pipeline.
  • Create custom alerts — This feature lets you create custom alerts for scheduled Data Explorer query runs. For more information, see Saved queries and custom alerts.
  • Search raw logs — In the Raw Log Search interface, you can search through the raw logs ingested by Arctic Wolf for security monitoring. Data availability is based on your data retention policy.

Data Explorer Lite grants limited access to search analyzed data generated over the last three days.

| Feature | Data Explorer Lite | 14-day license | 30-day license | 90-day license |
|---|---|---|---|---|
| Data availability | Last 3 days | Last 14 days | Last 30 days | Last 90 days |
| Observations | Not included | Included | Included | Included |
| Custom alerts | Not included | Included | Included | Included |
| Raw Log Search access | Not included | Included | Included | Included |