Creating Incident Response Retainer Cases

User Guide

Overview Direct link to this section

This guide provides an overview of the Incident Response (IR) Retainer service and how to contact Arctic Wolf when your organization experiences a cybersecurity incident.

The IR Retainer allows eligible Arctic Wolf customers who are experiencing a major cybersecurity incident to quickly access our incident response experts who can help identify and contain cyberattacks, as well as restore the organization to pre-incident operations.

Examples of major cybersecurity incidents include:

The IR Retainer is available to eligible Arctic Wolf customers who have enrolled in this service and who meet all of the following criteria:

Note: If you are an existing MDR customer and want to see if you are eligible to opt-in to the IR Retainer, contact your Customer Success Manager.

Contacting Arctic Wolf during a cybersecurity incident Direct link to this section

If you experience a cybersecurity incident and have an IR Retainer, refer to the workflow below to contact Arctic Wolf and see how we respond to your incident:

  1. Call Arctic Wolf's Security Services at 1-888-272-8429 and dial 2, or email

  2. Security Services investigates the incident and determines if it should get escalated to Arctic Wolf's incident response team, Tetra Defense.

  3. If the cybersecurity incident qualifies, we will contact you to schedule a free scoping call with Tetra Defense. During this call, Tetra Defense:

    • Reviews your incident

    • Prepares a Statement of Work (SOW)

  4. If you choose to work with Tetra Defense by signing the SOW, the team will work with you to remediate the security incident.

  5. If you are enrolled in the Security Operations Warranty benefit, see Creating Arctic Wolf Security Operations Warranty Claims for instructions on making a cybersecurity event claim.