Run a search
Tip: You can run a concurrent search in a new browser tab or window.
- Sign in to the Arctic Wolf Unified Portal.
- In the navigation menu, click Data Exploration > Raw Log Search.
- Optional: Limit your search to log sources that have a specific tag:
  - Click the Log Source field.
  - Add one or more tags from the list. For example, select active directory and auth to only include log sources with the active directory tag and log sources with the auth tag. See Log source tags for more information.
- Optional: Set the desired time range.
  Note:
  - You can search up to 31 days of log data at a time.
  - The earliest log data that you can search is based on your data retention policy.
  - By default, data sent to Arctic Wolf prior to January 2019 is not searchable. If your data retention period begins before January 2019 and you would like to search your full history, contact your Concierge Security® Team (CST) at security@arcticwolf.com.
- Optional: Select a frequently run search:
  - In the Query Template list, select a frequently run search.
  - If prompted, enter the value that completes the search expression. For example, in the Login Successes for User template, enter a user ID.
  - Click Apply to add the search expression to the Search field.
- Optional: In the Search field, enter or modify the search expression.
  Tip: See Raw Log Search query syntax for more information.
- Select or deselect the Case sensitive option.
- Click Search.
A timeline graph and a table of matching log sources load when the search is complete.