Managed Risk Portal Updates

Customer FAQ: Managed Risk in Unified Portal

What is changing and why?

Arctic Wolf's Managed Risk began it's migration to Unified Portal (UP) 18+ months ago as we enabled most of the operational scanning capabilities (scan scheduling, scanner configuration) into the Telemetry Management pages of UP. We are now launching the main risk management pages in Unified Portal and looking to deliver improvements in several key areas:

Improved Analyst Workflow
- We have made it easier for you to prioritize risks with new dashboard views and frictionless filtering
Enhanced Risk Context
- We have made it easier for you to investigate critical vulnerabilities in their environment with focused context
Unified Risks and Assets
- It's now simpler for you to investigate risks and assets with ease all in one dashboard with new asset filters

When will this take affect?

Managed Risk in Unified Portal (MR in UP) will be available on August 28, 2025.

What changes can I expect?

Managed Risk in Unified Portal is being delivered as new pages and capabilities inside of Unified Portal. We are not deprecating or replacing any capabilities in the legacy Risk Dashboard at this time; the two versions will run side-by-side for the foreseeable future as new capabilities are deployed in MR in UP and a decommissioning schedule for legacy Risk Dashboard and Risk Analytics can be established.

The Managed Risk in Unified Portal delivery consists of new capabilities in 3 main areas:

Risk Exposure Overview
Risk Pages
My Assets

Please see the Managed Risk in Unified Portal Overview document found here.

What are some of the key differences between the two versions?

Risk Granularity

The legacy Risk Dashboard applied some default grouping to risks, mainly those associated to Agent scans. The default Risks in Unified Portal view is mostly derived from findings based on a specific CVE so users will see an increase in the overall number of risks in their environment. Some findings will still group some CVEs together based on our detection logic.

Risk Lifecycle

Depending on the risk source, in the legacy Risk Dashboard users would need to manually transition the risk State to ensure it would move to a mitigated state if it was found remediated. Risks in Unified Portal does not require any manual intervention as part of the risk lifecycle.

Scores and Counts

Since Risks in Unified Portal (along with My Assets) uses new backend systems to manage assets and risks, users should not expect aggregated values (e.g. New Risks) or the Organizational Risk Score values to be the same as what they see in the legacy Risk Dashboard.

Why did my number of risks significantly increase?

To provide more accurate risk information, we provided a more granular approach to risks (see Risk Granularity above). That means that a single risk in legacy Risk Dashboard, when ungrouped, may now be represented by 2 or more individual risks in MR in UP. We have included the “Group by Vulnerability” view in the Risks Page to help manage the large number of risks and align similar risks together for actioning.

In addition, legacy Risk Dashboard did not count or display, by default, risks with a low severity/risk score of 3.9 or below. We show all unresolved risks by default in MR in UP so the overall risk count will be higher. You can apply filters to suppress any risks they do not want displayed.

Will my risk metrics (risk counts, risk scores) be the same between the two versions?

No. Because of the risk ungrouping and the fundamental differences in the way the new risks are structured, the number of risks between the two versions will be different. In a similar fashion, because there are now more risks being considered as part of the Risk Score calculation, you should not expect these values to be the same.

What are some capabilities I will still need to use legacy Risk Dashboard for?

Asset Tagging
- Any tagging needs for assets will still need to be done in the assets section of the legacy Risk Dashboard. There is a daily process that will run to synch any asset tag changes made in Risk Dashboard to the My Assets page in Unified Portal.
- Asset Tagging in My Assets will be available in October 2025
EVA Assets and Risks
- EVA assets and risks can only be viewed in the legacy Risk Dashboard for the August release.
- EVA assets and risks for IP addresses, domains and ATO will be available in October 2025 and CSPM will be available in January.
Agent Scans: CIS Benchmark and de-bug scan reports
- MR in UP does not currently provide a way to access these reports so users will need to use the legacy Risk Dashboard>Agent>Agent Scan Details page.
Management Plans
- This functionality will be migrated in a later release

Why can I only see a few months of risk data?

Because the underlying risks structure changed significantly with the new Risk Service, migrating existing risks in the legacy Risk Dashboard was not an option. Arctic Wolf enabled risks ingestion for all customers starting in July (and earlier for Early Access customers) so users should have risks populated in MR in UP depending on the scan cadence but a full history is not available.

Will I have to replicate risk changes in both systems?

Depending on your requirements, likely yes.

Scan results are sent to both the new MR in UP and legacy Risk Dashboard so risks that are found will show up in both versions. If a subsequent scan (successful scan) fails to find the risk, it will be marked as resolved/mitigated in both systems automatically and no user intervention is required.

If you are changing the State to Accepted or False Positive, or changing risk attributes like Assignee or Due Date, these will need to be done in both systems.

Are there any limitations in MR in UP that I should be aware of?

Agent and IVA Risks Only

Similar to the My Assets page, MR in UP will only display risks associated with Agent and your internal Vulnerability Assessment (IVA) scanners. Risks from the External Vulnerability Assessment (EVA) scanners will be introduced in October, 2025.

Risk History/Risk Synch

We are not “migrating” risks from legacy Risk Dashboard to MR in UP so the risk history will only go back 1-2 months when ingestion started.

Risk updates done in either system will not be synched back and forth.

IP address-only Assets

For the initial GA release, discovered assets that can only be identified by an IP address will not have risks associated with them. We are working to improve our “signal strength” to have more attributes associated with each asset that allows us to better de-duplicate asset and risk instances.

Export Performance

Exporting risks from MR in UP may be time consuming and we are working to make enhancements in this area to make this data available more quickly.

Should I wait to use the new MR in UP?

The feature set in Managed Risk in Unified Portal is very robust, provides improvements in many key areas over the legacy product and can be the primary version to handle your vulnerability management needs. But we do acknowledge that not all current legacy Risk Dashboard capabilities are available in MR in UP and we plan to quickly introduce new capabilities to close the gap on parity.

If you leverage the Management Plans or rely heavily on CIS Benchmark reports, you may consider waiting.