Customer library

Release note

Planes, trains and automobiles

‘Tis the season for travel. Whether you’re visiting friends and family or enjoying the weekend, Workbench is just a click away. We’ve updated the Workbench display to make it mobile friendly. Read on to learn more.

Release note

Short and sweet

We’re cooking up a new enhancement for the next release. In the meantime, we’re serving up some sides. In this release, we focused on tidying up a few things in Workbench. We’ve made updates to the scrolling functionality and the Data Viewer, along with design improvements.

Release note

No tricks, just treats

We’ve got a few goodies for you this release. We’re continuing to make workflows easier so you can get back to what you love about security. Highlights for this release include easier device onboarding, count totals on the activity page and a new look for email notifications.

Release note

Email notifications — hold the cookie monster

If you like to stay up-to-date through email notifications, we’ve got you covered. You can now sign up to receive notifications when a resilience recommendation is created or updated and when an analyst completes an action. We keep the emails short and to the point but if you need to reply, it will go to our SOC (we enjoy a good laugh, so images like cat pyjama-jam are welcomed). Read on to learn about the other enhancements (we’re looking at you Endgame customers).

Release note

Pumpkin spice edition

Pumpkin spice lattes (or as some people say, PSL) are back. If you missed the memo, we have a few things in this release to keep you up-to-date. If you’re a PagerDuty customer, you can now receive an automated call or text when an investigation escalates to a security incident. You can also update your settings to receive email notifications when we assign new resilience recommendations to your organization.

Release note

Just to be clear …

We’ve made a few enhancements to Workbench to keep things simple. To start, we’ve added a new feature that allows analysts to quickly review an alert before adding it to an investigation. We’ve also made some updates to the Alerts Grid and event timeline, so it’s clear what time we are referring to -- either the time the event occurred or when the vendor detected the event.

Release note

Look no further. Vendor alert information is here.

By popular demand, we’ve added the vendor alert name to the Alerts Grid. You can now filter and search for high-priority alerts from your vendor devices, instead of just Expel alerts. And since you see what our analysts see, you’ll know exactly what we did with the alert. We’ve also added Microsoft Azure to our supported assemblers.

Workbench video

Alerts analysis dashboard

Learn about all the features of our new Alerts Analysis dashboard (now in beta!).

Release note

That was quick (and we’re not talking about summer)

School supplies have consumed the seasonal shelves in stores, which means the end of summer is near. While it seems like we just kicked off grilling season, we’ve been busy making improvements to Workbench to make workflows easier and in turn faster. A few highlights of this release include a new date/time picker for investigative actions which defaults to five minutes before and after the vendor alert. We’ve also made it easier to assign remediation actions and for our engagement managers to deliver the most relevant resilience recommendations to your organization.

Release note

Spoiler alert! The alert analysis dashboard is live.

No need to watch for post-credit scenes, we’re giving you all the details upfront. Check out our latest Workbench tips and tricks video to learn about all the features of our new dashboard. The Alerts Analysis dashboard is a beta release, so stay tuned for more updates.

Release note

Unlike Aquaman, you don’t have to wait for this release!

We’re constantly adding to our “league” of partner integrations and we’re happy to announce our latest additions. We now support Devo (formerly Logtrust) and have expanded our Darktrace “via SIEM” integration to include Darktrace via Devo. We’ve also made some updates to our Endgame integration to support the latest version. Read on to learn more about our integrations and other action-packed enhancements.

Release note

Red, white and vroom!

It’s that time of year - fireworks, sparklers, and road trips. Whether or not you took some time off to enjoy the holiday, there is no place quite like home. We’ve updated Workbench so you can now select your homepage - so every time you log in, you arrive where you love most. Read more to learn about the latest release.

Workbench video

Workbench tips and tricks: Alerts grid

Learn how to find out what Expel did with a particular alert or how to close (or investigate) multiple alerts in bulk.

Workbench video

Workbench tips and tricks: Alerts grid features and functionality

Learn how to sort, filter and customize the alert grid view and how to close or investigate multiple alerts at a time.

Release note

Marco! … Polo!

Looking for a list of bug fixes? You’ve found them! In this release, we cleaned up a bunch of fixes so Workbench continues to be a pleasant user experience. We’ve also been hard at work on a couple of new features. Read on to find out what to expect in the upcoming weeks.

Release note

It’s a Triple Crown

Justify may have the fame of becoming the thirteenth Triple Crown winner but in this release, we’re giving you three ways to save time. (So you can focus on what you love, even if that’s not horse races.)

1. The Hyper-V Assembler is now available for you to download and install yourself.
2. You can add research actions for investigations in a single click.
3. Quick filters now enable you to see what alerts occurred in the last 72 hours.

To learn more about these time-saving features and the new integration enhancements with Sumo Logic and Splunk, read more.

Release note

Kicking off grilling season

We may not be able to help with that extra slider you had over the holiday weekend, but we can help you control how many alerts you download. Now you can select if you want all alerts or just Workbench alerts when you download alerts. Also, to keep pace with our previous release, we’ve added more investigative capabilities. To learn more about all the enhancements, read more.

Release note

The more, the merrier

It seems like there’s a new security product every day. And we’re continually adding network, endpoint and SIEM technologies to our integration list based on customer input. In this release, we’ve completed our integration with our first deception vendor, Attivo Networks, and our first network detection and response vendor, ProtectWise. We’ve also expanded our Palo Alto Networks investigation capability. Read on to learn about these new integrations, plus improvements to the alert investigation workflow and other UI enhancements.

Release note

Grab some popcorn – it’s movie time!

It may not have as much action and adventure as this year’s leading box-office movie, Black Panther, but our new Workbench tips and tricks videos take less than three minutes of your time. Next time you log into Workbench you’ll see a new alert view - the alert grid. We’ve created two videos to help explain how to find an alert and the features and functionality of the new view. To check out the alert grid videos and learn about the other features in this release, read more.

Release note

Professor Plum, the candlestick, in the ballroom – see who did it

While it’s fun to play detective to solve a mystery, it’s also time-consuming -- we’ve made some updates to make it easier for you to see what took place and when in Workbench. The investigation and security incident page now includes who closed the investigation or incident and when it was closed. We’ve also made it easier to check the status of Workbench features.

Release note

A little spring cleaning

We’ve made multiple fixes to Workbench to keep it clean and tidy - like closing all alerts associated with an investigation when the investigation is marked closed. We’ve also made it easier for you to sort and filter through your alerts with the addition of a comma-separated (CSV) file export. Read more to learn about the tidying up we did with password reset and all the other updates.

Release note

You’ve got mail!

If your idea of a good notification is an email in your inbox then this one’s for you! We’ve added two new email lists that you can subscribe to. One tells you when actions are assigned to your organization while the other updates you about security device health. Update the notifications settings in your profile to start receiving these notices. We’ve also made some other enhancements that’ll make it easier to tell when investigations occurred.

Release note

Status Update … it’s no longer complicated

We’ve made several small changes to the way you update the status of an investigation or incident to make it easier to use. Now you don’t have to make that agonizing choice between Closed and Resolved at the end of an incident. We removed Resolved because it was not being used. We also added an Unknown option to all the dropdowns (except for Attack timing) for those times when the investigation findings are still unclear. Read on to learn more about it plus other enhancements that’ll simplify your workflow.

Release note

Things that make you go hmmm

No, we are not talking about the confusion around OAR at this year’s Olympics. (Psst: It’s not a new country, it stands for Olympic athletes of Russia.) We are referring to unusual remote desktop protocol (RDP) connections that our analysts are keeping an eye out for when they hunt in your environment. Attackers use this technique to move laterally, and we’ve added it to the list of techniques we look for while hunting in your environment. Not familiar with our hunting service? Reach out to your engagement manager for more details.

Release note

On the go? We’ve got you covered.

For those times when security is top of mind… even when you’re on vacation (it’s okay, we do it too!), you’ll be happy to know that we’ve turned off IP whitelisting so you can log into Workbench even when you are not in the office. You can also sleep a bit easier knowing that you can change your own password. Bonus - the password can be 255 characters. We also fixed a few things that previously might have made you do a double take - don’t worry, the alert is closed and the actions are complete.

Release note

I spy with my little eye… a big list of little enhancements

If things look a little different next time you log in to the Workbench... but you can’t quite figure out why... that’s by design (heh!). We’re kicking off the new year with housekeeping. We’ve buttoned up (and straightened up) some of the lines and put things – like the reason investigations are closed – where you’d expect to find them (spoiler alert: on the investigation page).

If you’re a picture straightener you’ll find lots to enjoy starting with the list of Fixed items, which is a real page turner scroller this week!

Security Advisory

Security Advisory: Meltdown and Spectre Vulnerabilities

In light of the recent CPU vulnerabilities that affect multiple CPU vendors, we wanted to give you an update on our internal response.

Expel has assessed the risk introduced by the Meltdown and Spectre vulnerabilities and we’ve already begun patching our production infrastructure as well as all internal IT systems. While we’ve not seen any evidence of exploitation of these vulnerabilities in the wild, we believe it’s prudent to expedite this patching process.

Release note

Introducing the Expel Workbench status page

“A watched pot never boils.” Or so the saying goes. That’s what we’re hoping. Because while you were (hopefully) out eating too much food and drinking eggnog or some other holiday favorite, our elves added a snazzy new status page that lets you see whether the Workbench is being naughty or nice.

We’ve also fixed up the situation report so it’s easier to size up what’s going on. And -- as always -- we’ve stomped out a bunch of pesky issues.

Release note

Workbench email notifications and new tech integrations (“You better bring it.”)

"Oh, it's already been broughten."

There's a lot to cheer about in this week's release. Too much to fit in this summary, so make sure to scan through the complete notes for all the goodness.

To begin, we're happy to announce email notifications from Workbench! No matter where you are, you’ll be alerted immediately via email when Expel has identified a new security incident or launched an investigation in your organization. You’ll also know when a remediation action or investigative action has been assigned to you. Expel notification emails have just enough detail to help you quickly decide if any action is necessary and if so, what action to take.

Release note

Just in time for the holidays — pie… charts!

The main dashboard now includes a set of Activity metrics along the top that summarize everything going on in the Workbench for the past month... or week or quarter. Popping open the drawer displays the (fancy new) pie charts, shutting the drawer saves space but keeps the metrics in sight. The sharp-eyed might notice that we also changed the name of this dashboard to Situation Report, which is much more accurate.

Release note

New to Expel? Now you get a proper welcome!

Remember what it was like to find your way in a new city before your smartphone was a GPS? Well... we’re not quite in GPS territory yet but we’ve added a new feature that delivers a stylish “Welcome” email when you create a new user account. It comes complete with instructions that guide users through the process of setting up their account.

Release note

Share the love… err work with new assignment options

If you like to collaborate, we think you’re going to love our new assignment options. They give you lots more flexibility to grab alerts you want to dig into on your own and assign them out to people on your team (or...if you’re thinking ‘why the heck did I want that alert’ you can just toss them back to us and be done with them). These new assignment options are also super helpful if you’re a Night Shift customer.

We’ve also fixed a bunch of pesky nits and nats in this update. Oh...and you’ll notice we’re now using Tanium’s snazzy new logo.

Release note

Now supporting Zscaler integration

W00t! Expel support for the Zscaler platform is good to go, and we think that’s a pretty big deal. If you need help getting this configured, please contact your engagement manager.

Also included in this release: when you create a new user, the system will now automatically specify the invite token instead of you having to puzzle over what that form field is for. The invite token is used to create the unique enrollment link that new users see in their welcome email.

Release note

Investigative actions are now editable (so there’s no excuse for typos)

From views to device login credentials, we’ve got a bunch of new investigative action items in our October 6 release.

You may remember we had a fix to remove the checkboxes from the security devices table, since we don’t have any bulk actions on security devices. If you find a need for bulk actions on security devices, please let us know.

Release note

New text fields for manual investigative actions provide documentation capability

As the title suggests, manual investigative actions now include text fields to capture the Reason for the action, the Outcome of the action, and the Closed reason (if the action won’t be performed). The outcome is required before completing the action. These changes help document the investigation and make our process more transparent. Also, the Manual > Other investigative action is gone and replaced by a free text field where you can create a custom action and give it any name you like.
