Saved queries and custom alerts

In Data Explorer, you can save the queries that you make in the Query Builder. This feature allows you to load and run predefined queries in Data Explorer.

Data Explorer includes preset queries, which cannot be edited. Members of your organization can save their own queries, and can use the Save as function to build on existing queries.

Specific Data Explorer licenses add the ability to configure custom alert rules for saved queries. For more information, see Data Explorer license options. Configuring a custom alert rule is optional. When custom alert settings are configured for a saved query, a custom alert is generated each time the query runs as scheduled. This feature allows you to monitor data that matters to you at regular intervals. You can also configure the rule to send a custom alert to multiple recipients.

Note: Custom alerts are considered non-emergency events for self-service reporting purposes only. When you configure a custom alert rule, the results of each query run are not submitted to the Arctic Wolf® Security Operations Center for review or alerting as part of the Managed Detection and Response (MDR) service. However, if you have questions about how to use this feature, you can submit a ticket to your Concierge Security® Team (CST). Your CST can also provide guidance during your next scheduled touchpoint.