Managed Risk FAQs
This information answers frequently asked questions (FAQs) about Arctic Wolf® Managed Risk in the Unified Portal and helps to clarify some of the behavior differences between the Risk Dashboard and the Unified Portal.
Contact your Concierge Security® Team (CST) at security@arcticwolf.com if you have questions that are not answered here.
Q: What are the main differences between existing Risk Dashboard and Unified Portal features?
For more information, see Unified Portal and Risk Dashboard feature differences.
Q: Which Risk Dashboard features are not in the Unified Portal yet?
For more information, see Features in the Risk Dashboard that are not in the Unified Portal.
Q: What happens to risks when an asset is deleted?
- The asset Asset State changes to Inactive in the Unified Portal, and then the asset is removed after 120 days.
- The asset remains in scan schedules in the Unified Portal until you edit the schedule.
- The Status of any risks associated with the asset change to Resolved in the Unified Portal, and then those risks are removed after 120 days.
- Agent and Internal Vulnerability Assessment (IVA) scanners remain visible.
- The asset can appear again in the Unified Portal if an Agent or IVA scanner receives a new signal from it.
- The asset will not appear again in the Unified Portal if you delete the associated Agent or modify an associated IVA scan.
In the Risk Dashboard, you cannot delete assets with risks that were identified within the last 24 hours or Agent assets that were identified in the last 48 hours. When you delete an asset:
- The asset is also removed from the Unified Portal
- When you remove an Agent asset:
- It is automatically removed from scan schedules in the Risk Dashboard.
- The Agent associated with that asset is no longer visible in the Risk Dashboard or in the Unified Portal.
- All risks associated with the Agent are deleted from the Risk Dashboard.
- If the Agent reconnects, the Agent will reappear in the Risk Dashboard and in the Unified Portal.
Q: When I uninstall Agent from an asset, what happens to the risk State?
-
If the asset had only Agent as a Source, the Asset State automatically changes to Inactive, and the Status of all associated risks changes to Resolved.
-
If the asset had more than one Source, for example, Agent, IVA, and DHCP, Agent is no longer listed as a Source on the Asset page, the Asset State and risk Status do not change, and the State of all risks associated with the Agent remains unchanged. In this situation, you must manually set the State of any risks associated with that Agent to Accepted or Mitigated so the risks do not impact your risk score.
Q: What can cause an Asset State to change to Inactive?
-
Arctic Wolf Agent is uninstalled from an asset that only had Agent as a Source.
-
The asset is deleted, and then the asset is removed from the Unified Portal after 120 days.
Q: When a change is made in the Unified Portal, does it synchronize with the Risk Dashboard?
A: No, synchronization between the Risk Dashboard and the Unified Portal ended on October 30, 2025. Arctic Wolf recommends that you use the Unified Portal for all services now, especially for Internal Vulnerability Assessment (IVA) and Agent risks.
-
Tags — When a tag is added or removed from an asset in the Unified Portal, the change is not immediately applied to the asset in the Risk Dashboard. However, there is a daily process that synchronizes asset tag changes made in the Risk Dashboard with assets in the Unified Portal.
- Category — The Unified Portal does not have a Laptop category, but if assets with a Laptop category were imported into the Unified Portal from the Risk Dashboard, the Laptop category is seen in the filter list. In the future, the Laptop and Desktop categories will be replaced by the Workstation category.
-
State — If you change this to Accepted or False Positive, the change is needed in both portals.
-
Assignee — The change is needed in both portals.
-
Asset Criticality — The change is needed in both portals.
-
Asset Name — The change is needed in both portals.
-
Due Date — The change is needed in both portals.
-
Bulk updates to Tags, Asset Criticality, and Category are not supported for assets that do not have common filters because you cannot import asset data at this time.
-
We are developing tools so that you can request a one-time data migration from the Risk Dashboard to the Unified Portal. This will allow you to transfer State and Tags data and other other information to the Unified Portal, but some data is not supported for this transfer.
Q: Is the risk score the same in the Unified Portal and the Risk Dashboard?
- Risk Dashboard — Some default groupings are applied to risks, but these groupings are mainly applied to risks that are associated with Arctic Wolf Agent scans. Only risks with a severity risk score of 4 or higher are displayed and included in the risk counts.
-
Unified Portal — Risks are displayed based on findings related to a specific CVE. Some findings are grouped together based on Arctic Wolf detection logic. All Unresolved risks, even those with a severity risk score of 3.9 and lower, are displayed and included in risk counts.
in April 2026, an additional Risk Score algorithm will be available for you to choose from.
For more information, see Risk score calculation.
Q: How do you improve your risk score?
A: In the Unified Portal, track the behavior of risks in your environment and remediate risks on a regular basis. For the biggest impact, remediate risks with the Highest Risk Score and Highest Risk Severity.
For more information, see Routine tasks in the Unified Portal and View assets impacted by remediation.
Q: Will the Risk Dashboard be decommissioned?
A: Yes, in the future, the Risk Dashboard and Risk Analytics will be decommissioned, but no features or capabilities will be removed in the meantime. For now, as new Managed Risk capabilities are added to the Unified Portal, the Risk Dashboard and Analytics portals continue to be available.