Introducing the Expel Workbench status page

New

Workbench system status page

In the spirit of transparency, accountability, and raising the bar for what organizations can and should expect from their managed security provider, we’ve created a public status page (http://status.expel.io/) for Workbench. You can check system health, uptime and keep an eye on scheduled upgrades and maintenance. If you’re one of those people who likes to hear your phone buzz, you can sign up for email, SMS or RSS notifications by clicking on the Subscribe to Updates button and we’ll send you updates whenever there’s a hiccup or planned downtime.

Check it out and let us know what you think!

Workbench system status page

 

Situation report enhancements

We’ve made some improvements to the Situation Report dashboard that make it easier for you to see the items that require your attention:

  • We changed the remediation and investigative action columns so they only show “open” actions. Open actions are ones that have yet to be assigned to an analyst and actions that are assigned and are still in progress. In other words, you won’t see any closed actions here.
  • If you want to see all remediation and investigative actions (including closed and completed actions), we’ve added links to the page, which take you to the Activity > Actions board.
  • The What’s Urgent? numbers across the top are now links. When you click on them you’ll auto-scroll down the page to the appropriate section. Pretty neat!

Updates to security incident donut charts

We’ve made two small, but user-friendly, updates to the security incident tile and banner:

  • The first donut chart used to be labeled Incident and is now labeled Findings. This better communicates that it measures the percentage of findings questions that have been answered.
  • The second donut chart (measuring the percentage of completed remediation actions) appeared only when a remediation action was created, otherwise the space was empty. To make this scenario clearer, we have created a “None” placeholder to indicate there are no remediation actions yet.

 

Updated donut charts

Failed enrollment messaging

We want to let the good guys into Workbench and keep the bad guys out. Now, when new users try to enroll with an expired or invalid link, they’ll see messaging on the login page that indicates what the problem is — but doesn’t tip off evildoers with too much information.

Other enhancements

  • Improved protection for authentication credentials.
  • Added more detail to FireEye HX alerts, including better handling of alerts with missing or unfamiliar event types.
  • We did a significant refactor of our authentication UI to improve security.
  • Fixed a bug in the Data Viewer that caused the row count not to update when the date range filter changed.
  • When a user’s enrollment email has expired, that status is now reflected on the Users page, next to their name.
  • If you’re a pixel person you’ll be happy to know we’ve made spacing and alignment adjustments to the investigative and remediation action tiles so they’re now easier to read.
  • When an investigation is closed, the New investigative action UI is now hidden, because we figure it doesn’t make sense to add actions to a closed investigation.
  • Carbon Black has a new logo, so we updated our CB Defense and CB Response logos in the UI. They should be a lot more legible now.
  • Fixed a display problem where the Alerts were being sorted newest first, which is correct, but the sort dropdown said Oldest first. D’oh!

Fixed

  • Fixed the Add Investigation modal so that Investigation is always selected by default.
  • Fixed a problem in notification preferences that prevented the UI from refreshing when clicking between user profile pages.
  • Fixed a problem in the Data Viewer that caused wrong row counts to be displayed when the user viewed a different data set.
  • Fixed a spacing issue on the Assembler tile heading.
  • Fixed a problem that caused bulleted lists in markdown to render without a left margin.
  • Fixed an issue that caused some alerts to display without metadata.
  • Fixed an issue that briefly caused downloads from the Workbench UI to fail.
  • Fixed some spacing and layout issues in the Alert Details tabs.
  • Fixed a problem that briefly caused the time and vendor information for each alert on the Alerts screen to be indented.
  • Fixed an issue that resulted in uneven column widths in the Activity > Actions board.
  • Fixed a layout issue that caused popups in the Initial Lead box on the Investigative Actions screen to look like they were overflowing the box.
  • Fixed a problem that briefly caused new investigations and incidents to not be assigned to “me” by default.
  • Fixed the closed investigation banner so that it says “Closed Investigation”.
  • Fixed notification emails to render markup properly.
  • Fixed a whole lot of formatting issues in the Update status drawer.
  • Standardized page margins.