A space for
(content curated by our tribe for yours)
Ready. Set. Go!
(for Expel customers only)
We’ve got you covered when you need to get Expel access but don’t want to dig through bookmarks and notes.
It may not have as much action and adventure as this year’s leading box-office movie, Black Panther, but our new Workbench tips and tricks videos take less than three minutes of your time. Next time you log into Workbench you’ll see a new alert view - the alert grid. We’ve created two videos to help explain how to find an alert and the features and functionality of the new view. To check out the alert grid videos and learn about the other features in this release, read more.
While it’s fun to play detective to solve a mystery, it’s also time-consuming -- we’ve made some updates to make it easier for you to see what took place and when in Workbench. The investigation and security incident page now includes who closed the investigation or incident and when it was closed. We’ve also made it easier to check the status of Workbench features.
We’ve made multiple fixes to Workbench to keep it clean and tidy - like closing all alerts associated with an investigation when the investigation is marked closed. We’ve also made it easier for you to sort and filter through your alerts with the addition of a comma-separated (CSV) file export. Read more to learn about the tidying up we did with password reset and all the other updates.
If your idea of a good notification is an email in your inbox then this one’s for you! We’ve added two new email lists that you can subscribe to. One tells you when actions are assigned to your organization while the other updates you about security device health. Update the notifications settings in your profile to start receiving these notices. We’ve also made some other enhancements that’ll make it easier to tell when investigations occurred.
We’ve made several small changes to the way you update the status of an investigation or incident to make it easier to use. Now you don’t have to make that agonizing choice between Closed and Resolved at the end of an incident. We removed Resolved because it was not being used. We also added an Unknown option to all the dropdowns (except for Attack timing) for those times when the investigation findings are still unclear. Read on to learn more about it plus other enhancements that’ll simplify your workflow.
No, we are not talking about the confusion around OAR at this year’s Olympics. (Psst: It’s not a new country, it stands for Olympic athletes of Russia.) We are referring to unusual remote desktop protocol (RDP) connections that our analysts are keeping an eye out for when they hunt in your environment. Attackers use this technique to move laterally, and we’ve added it to the list of techniques we look for while hunting in your environment. Not familiar with our hunting service? Reach out to your engagement manager for more details.
For those times when security is top of mind… even when you’re on vacation (it’s okay, we do it too!). You’ll be happy to know that we’ve turned off IP whitelisting so you can log into Workbench even when you are not in the office. You can also sleep a bit easier knowing that you can change your own password. Bonus - the password can be 255 characters. We also fixed a few things that previously might have made you do a double take - don’t worry, the alert is closed and the actions are complete.
Articles and announcements