Data Explorer license options

Data Explorer is a licensed Managed Detection and Response (MDR) add-on that lets you search analyzed event data. Each license option controls what data is available and whether you can access additional reporting features.

The Arctic Wolf® Unified Portal includes several reporting features that are based on analyzed events. These events are generated as part of the Arctic Wolf MDR service. In Data Explorer, you can search all analyzed events over a specific time period. Data availability is based on your current license.

Note: Your Data Explorer license affects Unified Portal features outside of Data Explorer. For example, the time range options that appear in home page widgets and dashboards.

A full Data Explorer license has one of these data availability options: 14 days, 30 days, or 90 days. A full license grants you the ability to:

View observations related to an analyzed event — For more information, see Observation pipeline.
Create custom alerts — This feature lets you create custom alerts for scheduled Data Explorer query runs. For more information, see Saved queries and custom alerts.
Search raw logs — In the Raw Log Search interface, you can search through the raw logs ingested by Arctic Wolf for security monitoring. Data availability is based on your data retention policy.

Data Explorer Lite grants limited access to search analyzed data generated over the last three days.


Feature	Data Explorer Lite	14-day license	30-day license	90-day license
Data availability	Last 3 days	Last 14 days	Last 30 days	Last 90 days
Observations	Not included	Included	Included	Included
Custom alerts	Not included	Included	Included	Included
Raw Log Search access	Not included	Included	Included	Included

Arctic Wolf Unified Portal

Arctic Wolf Unified Portal

Data Explorer license options