The Escalations page shows the rules that determine how Arctic Wolf® escalates a potential security incident.

1. Sign in to the Arctic Wolf Unified Portal.
2. In the navigation menu, click Organization Profile > Escalations.
3. On the Escalations page, see if an escalation rule already exists for the security incident that you are planning for.
   For more information, see View your escalation policy.
4. Optional: To narrow the list of escalation rules, use one or more of these filters:
   • Search — Searches all fields.
     Note: Asterisks are not required for wildcards. For example, if you enter high, your search results will include escalation types where the word "high" appears in any field. For example:

     • All rules about incidents with a High priority.
     • Escalation types containing the word "high." For example, Potential Security Issue > High IOC Finding - Hash.
   • Priority — Filters by priority level.
   • Sensor — Returns escalation rules associated with the selected sensor.
   • Contacts Involved — Returns escalation rules assigned to the selected contact.
5. To update your escalation policy, do one of these actions:
   • To edit an existing rule, click View Details for the rule you want to edit, and then click Request an Update.
   • To add a new rule, click Request a new Escalation.

     Both actions open a new ticket.

6. In the new ticket, in the Message field, describe the scenario or incident and, for each escalation level, specify who to contact and how to contact them. For example:
   • Scenario:Unusual user activity
     • Level 1:Submit a ticket to Jane Doe (username: janedoe)
     • Level 2:Phone Jane Doe at 555-0103 (work) during business hours
   • Scenario:Compromised system
     • Level 1:Email John Doe at john.doe@example.com (primary) and CC Jane Doe at jane.doe@example.com
     • Level 2:Phone John Doe at 555-0101 (work) or 555-0102 (mobile) at any time
     • Level 3:Phone Jane Doe at 555-0103 (work) or 555-0104 (mobile) at any time
7. Click Send Message.