Review security investigations

You can review details of security investigations, including a timeline of actions taken during the investigation before alerting on or closing the case.

Every security investigation is assigned a case ID for tracking purposes. Cases that are alerted on include a ticket, with a new ticket number.

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Tickets & Alerts > Security Investigations.
    The Security Investigations page opens.
  3. To view:

    • A ticketed case — Remain on the Security Alerts tab.

    • A case that was not ticketed — Click the Other Investigations tab.

  4. Find the ticket or case that you want to view, and then click the corresponding Ticket # or Case ID value to open the ticket or case.
  5. Review the actions taken in the Investigation Timeline tab.
    For more information about available data, see View tickets.