Creating Incident Response Retainer Cases

User Guide

Updated Feb 2, 2023

Creating Incident Response Retainer Cases

Overview Direct link to this section

This guide provides an overview of the Incident Response (IR) Retainer and IR Jumpstart Retainer services and how to contact Arctic Wolf when your organization experiences a cybersecurity incident.

The IR Retainer services allow eligible Arctic Wolf customers who are experiencing a major cybersecurity incident to quickly access our incident response experts who can help identify and contain cyberattacks, as well as restore the organization to pre-incident operations.

Examples of major cybersecurity incidents include:

The IR Retainer is available to eligible Arctic Wolf customers who have enrolled in this service and who meet all of the following criteria:

Note: If you are an existing MDR customer and want to see if you are eligible to opt-in to the IR Retainer, contact your Customer Success Manager.

You can purchase the IR Jumpstart Retainer service which includes additional features, such as access to Cyber Essentials.

Contacting Arctic Wolf during a cybersecurity incident Direct link to this section

If you experience a cybersecurity incident and have an IR Retainer, refer to the workflow below to contact Arctic Wolf and see how we respond to your incident:

  1. Call Arctic Wolf's Security Services at 1-888-272-8429 and dial 2.

    If you are an IR Jumpstart Retainer customer, you can also click Contact in the bottom-left corner of the Cyber Essentials portal and submit details of the cyber incident.

  2. Security Services investigates the incident and determines if it should get escalated to Arctic Wolf's incident response team (formerly Tetra Defense).

  3. If the cybersecurity incident qualifies, we will contact you to schedule a free scoping call with Arctic Wolf. During this call, Arctic Wolf:

    • Reviews your incident.

    • Prepares a Statement of Work (SOW).

  4. If you choose to work with Arctic Wolf by signing the SOW, the team will work with you to remediate the security incident.

  5. If you are enrolled in the Security Operations Warranty benefit, see Creating Arctic Wolf Security Operations Warranty Claims for instructions on making a cybersecurity event claim.