You can view additional context about incident tickets to help you investigate and remediate security issues.

1. Sign in to the Arctic Wolf Unified Portal.
2. In the navigation menu, click Tickets & Alerts > All Tickets.
3. Find an incident ticket that you want to view.
4. Click the Subject or Ticket # of the ticket.
5. Click Investigation Context to view additional information about the ticket.
   Note: This tab is not available for all tickets.

   This may include:

   • Additional log data about the ticket.

     We manually provide this data based on what we determine is valuable. This information is also available to download from the Attachments tab.

   • A tree diagram of command line processes that ran.
   • Contextual information about public IP addresses mentioned in the ticket.
6. Optional: Click Attachments to download files that are related to your ticket, if available.
   Note: Attachments are only available for alert tickets if Arctic Wolf attached them to your ticket.