Release noteNovember 17, 2020
No need to wait until Jan. 20th for results - we’ve got all the goods right here. Right now. So, if you’re tired of watching news highlights highlighting no news, keep reading. We put the spotlight on some major Expel updates around commodity malware and messaging.
Release noteSeptember 17, 2020
Get out of bed. Check. Grab a cup of coffee or tea or pumpkin spice latte (no judgement). Check. Register (and ideally, ignore) what’s going on in the world today. Check. Feels good to “check-off” something that you’ve done and accomplished. Over at Expel, we thought so too. That’s why we’ve introduced checkbox functionality to our remediation actions. Read on to learn more. Check!
Release noteJune 17, 2020
When did it become summer?? It just crept up on us! You see, we’ve been working hard to ensure something much more nefarious doesn’t creep up on you - and that’s BEC. Read on to learn more about the snazzy updates we made to our BEC findings report. And remember to wear sunscreen. It’s getting hot out there.
Release noteNovember 12, 2019
Partial to pumpkin? Pecan? Maybe even peach? Whatever your flavor palate, it’s the time of year for pies. Over at Expel, we’ve been working on pies of a different sort – pie charts. We hope you find them just as yummy. Learn more about the other tasty treats we’re serving up this month.
Release noteAugust 21, 2019
Summer is coming to a close, but our closed reasons are making their debut. In this release, we’ve added more details on why we’ve closed an alert, so it’s easier for you to see a snapshot of closed alert reasons and to dive into the details for a particular alert. While you’re diving in, you’ll find more information about all the steps we took during an investigation on the improved alert history tab.
Learn more about these enhancements here.
Release noteJuly 17, 2019
We spilled the beans when we sent our quarterly release notes out, but for those that missed it (or are as excited as we are), you can now run the Assembler in AWS. We’re working on adding the self-service capability but in the meantime, reach out to your engagement manager to get things set up. Learn more about our other enhancements and updates.
Release noteApril 30, 2019
It’s time for spring cleaning and some security updates. We’ve added additional monitoring to help detect data retention failures. We’ve also added a new field on the Security Device tab. You can now enter in your login credentials for your security tech.
Release noteMarch 14, 2019
Skip waiting in line and get tickets delivered right to you. We’ve made an update to our ticketing integration so you can now sign up to receive notifications when an investigative action is assigned to your organization. Read on to learn how to opt-in to the notification.
Release noteFebruary 26, 2019
The shining star this release goes to our assembler on-boarding documentation. We’ve added the on-boarding documents into Workbench, so if you need to download an assembler, the step-by-step documentation is right where you need it. Tada!
Release noteFebruary 12, 2019
The 61st GRAMMY Awards are in the books, but we’ve got some great hits to hear. In the notifications category, we’d like to introduce email notification for when an investigation is closed. Find out all the details related to when it closed, why it closed and who closed it. Read on to hear about the runner-ups like data export for investigation.
Release noteJanuary 30, 2019
When snow clings to trees, it gives them a fresh look. It’s a minor adjustment but goes a long way with how the trees appear. We’ve made some minor updates to improve the user experience. Adding security devices is now easier to search and find the tech you’re looking to add. We’ve also added a display icon in the remediation actions to indicate the link will open a new tab.
Release noteJanuary 3, 2019
We’re starting the new year with new integrations! We now integrate with ServiceNow and JIRA ticketing systems. You can add this new integration into your workflow from your My Organization page. When Expel assigns a remediation action to your organization, you’ll receive a ticket from your ticketing system.
Release noteNovember 21, 2018
We’re cooking up a new enhancement for the next release. In the meantime, we’re serving up some sides. In this release, we focused on tidying up a few things in Workbench. We’ve made updates to the scrolling functionality, the Data Viewer and design improvements.
Release noteOctober 31, 2018
We’ve got a few goodies for you this release. We’re continuing to make workflows easier so you can get back to what you love about security. Highlights for this release include easier device onboarding, count totals on the activity page and a new look for email notifications.
Release noteOctober 16, 2018
If you like to stay up-to-date through email notifications, we’ve got you covered. You can now sign up to receive notifications when a resilience recommendation is created or updated and when an analyst completes an action. We keep the emails short and to the point but if you need to reply, it will go to our SOC (we enjoy a good laugh, so images like cat pyjama-jam are welcomed). Read on to learn about the other enhancements (we’re looking at you Endgame customers).
Release noteOctober 4, 2018
Pumpkin spice lattes (or as some people say, PSL) are back. If you missed the memo, we have a few things in this release to keep you up-to-date. If you’re a PagerDuty customer, you can now receive an automated call or text when an investigation escalates to a security incident. You can also update your settings to receive email notification when we assign new resilience recommendations to your organization.
Release noteSeptember 20, 2018
We’ve made a few enhancements to Workbench to keep things simple. To start, we’ve added a new feature that allows analysts to quickly review an alert before adding it to an investigation. We’ve also made some updates to the Alerts Grid and event timeline, so it’s clear what time we are referring to -- either the time the event occurred or when the vendor detected the event.
Release noteSeptember 5, 2018
By popular demand, we’ve added the vendor alert name to the Alerts Grid. You can now filter and search for high-priority alerts from your vendor devices, instead of just Expel alerts. And since you see what our analysts see - you’ll know what exactly we did with the alert. We’ve also added Microsoft Azure to our supported assemblers.
Release noteAugust 22, 2018
School supplies have consumed the seasonal shelves in stores, which means the end of summer is near. While it seems like we just kicked off grilling season, we’ve been busy making improvements to Workbench to make workflows easier and in turn faster. A few highlights of this release include a new date/time picker for investigative actions which defaults to five minutes before and after the vendor alert. We’ve also made it easier to assign remediation actions and for our engagement managers to deliver the most relevant resilience recommendations to your organization.
Release noteAugust 9, 2018
No need to watch for post-credit scenes, we’re giving you all the details upfront. Check out our latest Workbench tips and tricks video to learn about all the features of our new dashboard. The Alerts Analysis dashboard is a beta release, so stay tuned for more updates.
Release noteJuly 25, 2018
We’re constantly adding to our “league” of partner integrations and we’re happy to announce our latest additions. We now support Devo (formerly Logtrust) and have expanded our Darktrace “via SIEM” integration to include Darktrace via Devo. We’ve also made some updates to our Endgame integration to support the latest version. Read on to learn more about our integrations and other action-packed enhancements.
Release noteJuly 10, 2018
It’s that time of year - fireworks, sparklers, and road trips. Whether or not you took some time off to enjoy the holiday, there is no place quite like home. We’ve updated Workbench so you can now select your homepage - so every time you login, you arrive where you love most. Read more to learn about the latest release.
Release noteJune 26, 2018
Looking for a list of bug fixes? You’ve found them! In this release, we cleaned up a bunch of fixes so Workbench continues to be a pleasant user experience. We’ve also been hard at work on a couple of new features. Read on to find out what to expect in the upcoming weeks.
Release noteJune 12, 2018
Justify may have the fame of becoming the thirteenth Triple Crown winner but in this release, we’re giving you three ways to save time. (So you can focus on what you love, even if that’s not horse races.)
1. The Hyper-V Assembler is now available for you to download and install yourself.
2. You can add research actions for investigations in a single click.
3. Quick filters now enable you to see what alerts occurred in the last 72 hours.
To learn more about these time-saving features and the new integration enhancements with Sumo Logic and Splunk, read more.
Release noteMay 29, 2018
We may not be able to help with that extra slider you had over the holiday weekend, but we can help you control how many alerts you download. Now you can select if you want all alerts or just Workbench alerts when you download alerts. Also, to keep pace with our previous release, we’ve added more investigative capabilities. To learn more about all the enhancements, read more.
Release noteMay 17, 2018
It seems like there’s a new security product every day. And we’re continually adding network, endpoint and SIEM technologies to our integration list based on customer input. In this release, we’ve completed our integration with our first deception vendor, Attivo Networks, and our first network detection and response vendor, ProtectWise. We’ve also expanded our Palo Alto Networks investigation capability. Read on to learn about these new integrations, plus improvements to the alert investigation workflow and other UI enhancements.
Release noteApril 24, 2018
It may not have as much action and adventure as this year’s leading box-office movie, Black Panther, but our new Workbench tips and tricks videos take less than three minutes of your time. Next time you log into Workbench you’ll see a new alert view - the alert grid. We’ve created two videos to help explain how to find an alert and the features and functionality of the new view. To check out the alert grid videos and learn about the other features in this release, read more.
Release noteApril 10, 2018
While it’s fun to play detective to solve a mystery, it’s also time-consuming -- we’ve made some updates to make it is easier for you to see what took place and when in Workbench. The investigation and security incident page now includes who closed the investigation or incident and when it was closed. We’ve also made it easier to check the status of Workbench features.
Release noteMarch 27, 2018
We’ve made multiple fixes to Workbench to keep it clean and tidy - like closing all alerts associated with an investigation when the investigation is marked closed. We’ve also made it easier for you to sort and filter through your alerts with the addition of a comma-separated (CSV) file export. Read more to learn about the tidying up we did with password reset and all the other updates.
Release noteMarch 13, 2018
If your idea of a good notification is an email in your inbox then this one’s for you! We’ve added two new email lists that you can subscribe to. One tells you when actions are assigned to your organization while the other updates you about security device health. Update the notifications settings in your profile to start receiving these notices. We’ve also made some other enhancements that’ll make it easier to tell when investigations occurred.
Release noteFebruary 27, 2018
We’ve made several small changes to the way you update the status of an investigation or incident to make it easier to use. Now you don’t have to make that agonizing choice between Closed and Resolved at the end of an incident. We removed Resolved because it was not being used. We also added an Unknown option to all the dropdowns (except for Attack timing) for those times when the investigation findings are still unclear. Read on to learn more about it plus other enhancements that’ll simplify your workflow.
Release noteFebruary 13, 2018
No, we are not talking about the confusion around OAR at this years Olympics. (Psst: It’s not a new country, it stands for Olympic athletes of Russia.) We are referring to unusual remote desktop protocol (RDP) connections that our analysts are keeping an eye out for when they hunt in your environment. Attackers use this technique to move latterly, and we’ve added it to the list of techniques we look for while hunting in your environment. Not familiar with our hunting service? Reach out to your engagement manager for more details.
Release noteJanuary 29, 2018
For those times when security is top of mind… even when you’re on vacation (it’s okay, we do it too!) You’ll be happy to know that we’ve turned off IP whitelisting so you can log into Workbench even when you are not in the office. You can also sleep a bit easier knowing that you can change your own password. Bonus - the password can be 255 characters. We also fixed a few thing that previously might have made you do a double take - don’t worry the alert is closed and the actions are complete.
Release noteJanuary 16, 2018
If things look a little different next time you login to the Workbench... but you can’t quite figure out why... that’s by design (heh!). We’re kicking off the new year with housekeeping. We’ve buttoned up (and straightened up) some of the lines and put things – like the reason investigations are closed – where you’d expect to find them (spoiler alert: on the investigation page).
If you’re a picture straightener you’ll find lots to enjoy starting with the list of Fixed items, which is a real page turner scroller this week!
Release noteJanuary 5, 2018
In light of the recent CPU vulnerabilities that affect multiple CPU vendors, we wanted to give you an update on our internal response.
Expel has assessed the risk introduced by the Meltdown and Spectre vulnerabilities and we’ve already begun patching our production infrastructure as well as all internal IT systems. While we’ve not seen any evidence of exploitation of these vulnerabilities in the wild, we believe it’s prudent to expedite this patching process.
Release noteJanuary 2, 2018
“A watched pot never boils.” Or so the saying goes. That’s what we’re hoping. Because while you were (hopefully) out eating too much food and drinking eggnog or some other holiday favorite, our elves added a snazzy new status page that lets you see whether the Workbench is being naughty or nice.
We’ve also fixed up the situation report so it’s easier to size up what’s going on. And -- as always -- we’ve stomped out a bunch of pesky issues.
Release noteDecember 18, 2017
"Oh, it's already been broughten."
There's a lot to cheer about in this week's release. Too much to fit in this summary, so make sure to scan through the complete notes for all the goodness.
To begin, we're happy to announce email notifications from Workbench! No matter where you are, you’ll be alerted immediately via email when Expel has identified a new security incident or launched an investigation in your organization. You’ll also know when a remediation action or investigative action has been assigned to you. Expel notification emails have just enough detail to help you quickly decide if any action is necessary and if so, what action to take.
Release noteDecember 1, 2017
The main dashboard now includes a set of Activity metrics along the top that summarize everything going on in the Workbench for the past month... or week or quarter. Popping open the drawer displays the (fancy new) pie charts, shutting the drawer saves space but keeps the metrics in sight. The sharp-eyed might notice that we also changed the name of this dashboard to Situation Report, which is much more accurate.
Release noteDecember 1, 2017
Remember what it was like to find your way in a new city before your smartphone was a GPS? Well... we’re not quite in GPS territory yet but we’ve added a new feature that delivers a stylish “Welcome” email when you create a new user account. It comes complete with instructions that guide users through the process of setting up their account.
Release noteNovember 3, 2017
If you like to collaborate, we think you’re going to love our new assignment options. They give you lots more flexibility to grab alerts you want to dig into on your own and assign them out to people on your team (or...if you’re thinking ‘why the heck did I want that alert’ you can just toss them back to us and be done with them). These new assignment options are also super helpful if you’re a Night Shift customer.
We’ve also fixed a bunch of pesky nits and nats in this update. Oh...and you’ll notice we’re now using Tanium’s snazzy new logo.
Release noteOctober 20, 2017
W00t! Expel support for the Zscaler platform is good to go, and we think that’s a pretty big deal. If you need help getting this configured, please contact your engagement manager.
Also included in this release: when you create a new user, the system will now automatically specify the invite token instead of you having to puzzle over what that form field is for. The invite token is used to create the unique enrollment link that new users see in their welcome email.
Release noteOctober 6, 2017
From views to device login credentials, we’ve got a bunch of new investigative action items in our October 6 release.
You may remember we had a fix to remove the checkboxes from the security devices table, since we don’t have any bulk actions on security devices. If you find a need for bulk actions on security devices, please let us know.
Release noteSeptember 22, 2017
As the title suggests, manual investigative actions now include text fields to capture the Reason for the action, the Outcome of the action, and the Closed reason (if the action won’t be performed). The outcome is required before completing the action.These changes help document the investigation and make our process more transparent. Also, the Manual > Other investigative action is gone and replaced by a free text field where you can create a custom action and give it any name you like.