Release notes

What’s happening?

Release note: September 12, 2022

Important Updates! Faster onboarding, more transparency

We’ve been working hard here at Expel, and we’re excited to share four big improvements we’ve made to make your life easier.

Release note: July 11, 2022

Do you like scrolling through pages of alerts? We don’t.

New Google Workspace Alert center integration.

Release note: June 1, 2022

Azure, Terraform, and Auto Disabling, Oh my!

Auto disabling for Microsoft products, introducing an Azure Wizard, and Terraform for AWS!

Release note: May 2, 2022

Phishing remediation and more

Remove malicious phishing emails from all users’ inboxes - automatically. Also, we’ve added a new onboarding wizard to make the process even easier.

Release note: April 8, 2022

Easy peasy

Learn about how we’re continuing to make improvements to save you time.

Release note: March 9, 2022

Cloud remediation

Halt attacker activity in the cloud with user account disablement. Best of all, it’s automated, so we stop activity in minutes.

Release note: February 8, 2022

Supporting your business needs

Learn the latest on how we’re personalizing our service to meet your business needs.

Release note: January 7, 2022

Less steps, more productivity

We ended 2021 with some great enhancements to our Managed Phishing service and our onboarding process.

Release note: December 7, 2021

New detection view

We’ve expanded our detection view to include our detection strategy and how we apply your customer context.

Release note: November 3, 2021

Increase productivity

Working with an MDR provider should help improve your productivity, not hamper it. Learn about how we’re reducing response and onboarding times.

Release note: October 5, 2021

Even easier onboarding

We’ve made our onboarding process easier by enhancing our AWS onboarding wizard and device health status notification. Read on to learn more.

Release note: September 14, 2021

New dashboard

Get metrics that track how we’re doing and insights into what we’re working on with our new service review dashboard.

Release note: August 18, 2021

Security boot camp

Running red teams and phishing simulation helps you prepare for an actual incident, identify gaps (so you can improve) and educate your users. We’ve made some enhancements to help you do just that.

Release note: July 29, 2021

Detect and contain

We’ve added new features to help you identify gaps and reduce your risk. Our new detection view lets you quickly see your threat coverage across MITRE ATT&CK, while the host containment feature automatically stops threats from spreading.

Release note: June 16, 2021

Dive into Ruxie workflows

Summertime is here, and we’re making a splash about some new enhancements that save you time and provide more visibility.

Release note: May 18, 2021

Welcome, boxes

That’s right; you can now add Box and Dropbox to the SaaS apps we’re monitoring 24x7.

Release note: April 14, 2021

Keeping it reel

Get more visibility into your phishing submissions. For managed phishing customers, we’ve made some updates to provide you with more details. Not a managed phishing customer? We’ve also got a treat for you.

Release note: March 11, 2021

We’re on it! Email confirmation

Let’s get right to it. You asked us to send an email confirmation to the user reporting the email - we did it!

Release note: February 16, 2021

Expel Workbench for AWS and Ruxie’s in MS Teams

It’s been a busy month over here at Expel! Read below for all the delectable news and updates.

Release note: December 16, 2020

Ruxie, here

Our gloriously inquisitive security bot, Ruxie™, has been making the rounds this past month. Most notably, in Slack where she can now receive inbound requests from customers. Read all about it below.

Release note: November 17, 2020

Commodity Malware

No need to wait until Jan. 20th for results - we’ve got all the goods right here. Right now. So, if you’re tired of watching news highlights highlighting no news, keep reading. We put the spotlight on some major Expel updates around commodity malware and messaging.

Release note: September 17, 2020

Remediation actions get checked

Get out of bed. Check. Grab a cup of coffee or tea or pumpkin spice latte (no judgement). Check. Register (and ideally, ignore) what’s going on in the world today. Check. Feels good to “check-off” something that you’ve done and accomplished. Over at Expel, we thought so too. That’s why we’ve introduced checkbox functionality to our remediation actions. Read on to learn more. Check!

Release note: August 13, 2020

NIST CSF and Alert-to-fix timelines

We didn’t acquire TikTok, but we’ve been making some major power moves of our own this past month.

Release note: June 17, 2020

BEC reporting updates

When did it become summer?? It just crept up on us! You see, we’ve been working hard to ensure something much more nefarious doesn’t creep up on you - and that’s BEC. Read on to learn more about the snazzy updates we made to our BEC findings report. And remember to wear sunscreen. It’s getting hot out there.

Release note: May 18, 2020

All about alerts

It’s May. Do you know where your alerts are? Cause we do. From our new Alerts Ticker in Workbench to the beautification of our Alerts Analysis dashboard, knowing what’s going on with your alerts - and why - has never been easier.

Release note: March 12, 2020

NIST CSF dashboard and other new stuff

We’ve been busy here at Expel, and we’re excited to share two cool new features that we recently added to Workbench: a NIST CSF dashboard and a Critical Alert category.

Release note: February 13, 2020

Investigations and alerts

Roses are red, violets are blue. We’ve been working hard on some cool new updates and want to share them with you!

Release note: December 18, 2019

News on notifications

Extra, extra! Read all about it! This month was all about notification updates, as we improved messaging around security device health and PagerDuty capabilities.

Release note: November 12, 2019

Yummy pie charts

Partial to pumpkin? Pecan? Maybe even peach? Whatever your flavor palate, it’s the time of year for pies. Over at Expel, we’ve been working on pies of a different sort – pie charts. We hope you find them just as yummy. Learn more about the other tasty treats we’re serving up this month.

Release note: August 21, 2019

More alert details

Summer is coming to a close, but our closed reasons are making their debut. In this release, we’ve added more details on why we’ve closed an alert, so it’s easier for you to see a snapshot of closed alert reasons and to dive into the details for a particular alert. While you’re diving in, you’ll find more information about all the steps we took during an investigation on the improved alert history tab.

Learn more about these enhancements here.

Release note: July 17, 2019

Run the Assembler in AWS

We spilled the beans when we sent our quarterly release notes out, but for those that missed it (or are as excited as we are), you can now run the Assembler in AWS. We’re working on adding the self-service capability but in the meantime, reach out to your engagement manager to get things set up. Learn more about our other enhancements and updates.

Release note: June 4, 2019

Easier investigation search

If you’d like to reference a past investigation, we’ve made it easier to do so. We’ve updated the long 30+ character syntax with short names. To find an investigation, go to the Activity page and search using the new short name.

Release note: April 30, 2019

Security checks

It’s time for spring cleaning and some security updates. We’ve added additional monitoring to help detect data retention failures. We’ve also added a new field on the Security Device tab. You can now enter in your login credentials for your security tech.

Release note: April 17, 2019

New investigative features

Export more data! We’ve expanded the investigative data available for export. We’ve also made it easier to share a file for us to review or to add to investigative data. Read more to learn about these new features in further detail.

Release note: March 14, 2019

New ticketing options

Skip waiting in line and get tickets delivered right to you. We’ve made an update to our ticketing integration so you can now sign up to receive notifications when an investigative action is assigned to your organization. Read on to learn how to opt-in to the notification.

Release note: February 26, 2019

The best documentation goes to the Assembler

The shining star this release goes to our assembler on-boarding documentation. We’ve added the on-boarding documents into Workbench, so if you need to download an assembler, the step-by-step documentation is right where you need it. Tada!

Release note: February 12, 2019

And the winner goes to…

The 61st GRAMMY Awards are in the books, but we’ve got some great hits to hear. In the notifications category, we’d like to introduce email notification for when an investigation is closed. Find out all the details related to when it closed, why it closed and who closed it. Read on to hear about the runners-up, like data export for investigation.

Release note: January 30, 2019

Winter wonderland

When snow clings to trees, it gives them a fresh look. It’s a minor adjustment but goes a long way with how the trees appear. We’ve made some minor updates to improve the user experience. When adding security devices, it’s now easier to search for and find the tech you’re looking to add. We’ve also added a display icon in the remediation actions to indicate the link will open a new tab.

Release note: January 15, 2019

Under the weather, we’ve got you covered

We keep a watchful eye on your security devices and Assembler to make sure everything is on the up and up. If a device goes down, you can now receive notifications through Slack. Read on to learn more.

Release note: January 3, 2019

Kicking off the new year!

We’re starting the new year with new integrations! We now integrate with ServiceNow and JIRA ticketing systems. You can add this new integration into your workflow from your My Organization page. When Expel assigns a remediation action to your organization, you’ll receive a ticket from your ticketing system.

Release note: December 5, 2018

Planes, trains and automobiles

’Tis the season for travel. Whether you’re visiting friends and family or enjoying the weekend, Workbench is just a click away. We’ve updated the Workbench display to make it mobile friendly. Read on to learn more.

Release note: November 21, 2018

Short and sweet

We’re cooking up a new enhancement for the next release. In the meantime, we’re serving up some sides. In this release, we focused on tidying up a few things in Workbench. We’ve made updates to the scrolling functionality, the Data Viewer and design improvements.

Release note: October 31, 2018

No tricks, just treats

We’ve got a few goodies for you this release. We’re continuing to make workflows easier so you can get back to what you love about security. Highlights for this release include easier device onboarding, count totals on the activity page and a new look for email notifications.

Release note: October 16, 2018

Email notifications — hold the cookie monster

If you like to stay up-to-date through email notifications, we’ve got you covered. You can now sign up to receive notifications when a resilience recommendation is created or updated and when an analyst completes an action. We keep the emails short and to the point but if you need to reply, it will go to our SOC (we enjoy a good laugh, so images like cat pyjama-jam are welcomed). Read on to learn about the other enhancements (we’re looking at you Endgame customers).

Release note: October 4, 2018

Pumpkin spice edition

Pumpkin spice lattes (or as some people say, PSL) are back. If you missed the memo, we have a few things in this release to keep you up-to-date. If you’re a PagerDuty customer, you can now receive an automated call or text when an investigation escalates to a security incident. You can also update your settings to receive email notification when we assign new resilience recommendations to your organization.

Release note: September 20, 2018

Just to be clear …

We’ve made a few enhancements to Workbench to keep things simple. To start, we’ve added a new feature that allows analysts to quickly review an alert before adding it to an investigation. We’ve also made some updates to the Alerts Grid and event timeline, so it’s clear what time we are referring to -- either the time the event occurred or when the vendor detected the event.

Release note: September 5, 2018

Look no further. Vendor alert information is here.

By popular demand, we’ve added the vendor alert name to the Alerts Grid. You can now filter and search for high-priority alerts from your vendor devices, instead of just Expel alerts. And since you see what our analysts see, you’ll know exactly what we did with the alert. We’ve also added Microsoft Azure to our supported assemblers.

Release note: August 22, 2018

That was quick (and we’re not talking about summer)

School supplies have consumed the seasonal shelves in stores, which means the end of summer is near. While it seems like we just kicked off grilling season, we’ve been busy making improvements to Workbench to make workflows easier and in turn faster. A few highlights of this release include a new date/time picker for investigative actions which defaults to five minutes before and after the vendor alert. We’ve also made it easier to assign remediation actions and for our engagement managers to deliver the most relevant resilience recommendations to your organization.

Release note: August 9, 2018

Spoiler alert! The alert analysis dashboard is live.

No need to watch for post-credit scenes, we’re giving you all the details upfront. Check out our latest Workbench tips and tricks video to learn about all the features of our new dashboard. The Alerts Analysis dashboard is a beta release, so stay tuned for more updates.

Release note: July 25, 2018

Unlike Aquaman, you don’t have to wait for this release!

We’re constantly adding to our “league” of partner integrations and we’re happy to announce our latest additions. We now support Devo (formerly Logtrust) and have expanded our Darktrace “via SIEM” integration to include Darktrace via Devo. We’ve also made some updates to our Endgame integration to support the latest version. Read on to learn more about our integrations and other action-packed enhancements.

Release note: July 10, 2018

Red, white and vroom!

It’s that time of year - fireworks, sparklers, and road trips. Whether or not you took some time off to enjoy the holiday, there is no place quite like home. We’ve updated Workbench so you can now select your homepage - so every time you log in, you arrive where you love most. Read more to learn about the latest release.

Release note: June 26, 2018

Marco! … Polo!

Looking for a list of bug fixes? You’ve found them! In this release, we cleaned up a bunch of fixes so Workbench continues to be a pleasant user experience. We’ve also been hard at work on a couple of new features. Read on to find out what to expect in the upcoming weeks.

Release note: June 12, 2018

It’s a Triple Crown

Justify may have the fame of becoming the thirteenth Triple Crown winner but in this release, we’re giving you three ways to save time. (So you can focus on what you love, even if that’s not horse races.)

1. The Hyper-V Assembler is now available for you to download and install yourself.
2. You can add research actions for investigations in a single click.
3. Quick filters now enable you to see what alerts occurred in the last 72 hours.

To learn more about these time-saving features and the new integration enhancements with Sumo Logic and Splunk, read more.

Release note: May 29, 2018

Kicking off grilling season

We may not be able to help with that extra slider you had over the holiday weekend, but we can help you control how many alerts you download. Now you can select if you want all alerts or just Workbench alerts when you download alerts. Also, to keep pace with our previous release, we’ve added more investigative capabilities. To learn more about all the enhancements, read more.

Release note: May 17, 2018

The more, the merrier

It seems like there’s a new security product every day. And we’re continually adding network, endpoint and SIEM technologies to our integration list based on customer input. In this release, we’ve completed our integration with our first deception vendor, Attivo Networks, and our first network detection and response vendor, ProtectWise. We’ve also expanded our Palo Alto Networks investigation capability. Read on to learn about these new integrations, plus improvements to the alert investigation workflow and other UI enhancements.

Release note: April 24, 2018

Grab some popcorn – it’s movie time!

It may not have as much action and adventure as this year’s leading box-office movie, Black Panther, but our new Workbench tips and tricks videos take less than three minutes of your time. Next time you log into Workbench you’ll see a new alert view - the alert grid. We’ve created two videos to help explain how to find an alert and the features and functionality of the new view. To check out the alert grid videos and learn about the other features in this release, read more.

Release note: April 10, 2018

Professor Plum, the candlestick, in the ballroom – see who did it

While it’s fun to play detective to solve a mystery, it’s also time-consuming -- we’ve made some updates to make it easier for you to see what took place and when in Workbench. The investigation and security incident page now includes who closed the investigation or incident and when it was closed. We’ve also made it easier to check the status of Workbench features.

Release note: March 27, 2018

A little spring cleaning

We’ve made multiple fixes to Workbench to keep it clean and tidy - like closing all alerts associated with an investigation when the investigation is marked closed. We’ve also made it easier for you to sort and filter through your alerts with the addition of a comma-separated (CSV) file export. Read more to learn about the tidying up we did with password reset and all the other updates.

Release note: March 13, 2018

You’ve got mail!

If your idea of a good notification is an email in your inbox, then this one’s for you! We’ve added two new email lists that you can subscribe to. One tells you when actions are assigned to your organization while the other updates you about security device health. Update the notifications settings in your profile to start receiving these notices. We’ve also made some other enhancements that’ll make it easier to tell when investigations occurred.

Release note: February 27, 2018

Status Update … it’s no longer complicated

We’ve made several small changes to the way you update the status of an investigation or incident to make it easier to use. Now you don’t have to make that agonizing choice between Closed and Resolved at the end of an incident. We removed Resolved because it was not being used. We also added an Unknown option to all the dropdowns (except for Attack timing) for those times when the investigation findings are still unclear. Read on to learn more about it plus other enhancements that’ll simplify your workflow.

Release note: February 13, 2018

Things that make you go hmmm

No, we are not talking about the confusion around OAR at this year’s Olympics. (Psst: It’s not a new country, it stands for Olympic athletes of Russia.) We are referring to unusual remote desktop protocol (RDP) connections that our analysts are keeping an eye out for when they hunt in your environment. Attackers use this technique to move laterally, and we’ve added it to the list of techniques we look for while hunting in your environment. Not familiar with our hunting service? Reach out to your engagement manager for more details.

Release note: January 29, 2018

On the go? We’ve got you covered.

For those times when security is top of mind… even when you’re on vacation (it’s okay, we do it too!) You’ll be happy to know that we’ve turned off IP whitelisting so you can log into Workbench even when you are not in the office. You can also sleep a bit easier knowing that you can change your own password. Bonus - the password can be 255 characters. We also fixed a few things that previously might have made you do a double take - don’t worry, the alert is closed and the actions are complete.

Release note: January 16, 2018

I spy with my little eye… a big list of little enhancements

If things look a little different next time you log in to the Workbench... but you can’t quite figure out why... that’s by design (heh!). We’re kicking off the new year with housekeeping. We’ve buttoned up (and straightened up) some of the lines and put things – like the reason investigations are closed – where you’d expect to find them (spoiler alert: on the investigation page).

If you’re a picture straightener you’ll find lots to enjoy starting with the list of Fixed items, which is a real page turner scroller this week!

Release note: January 5, 2018

Security Advisory: Meltdown and Spectre Vulnerabilities

In light of the recent CPU vulnerabilities that affect multiple CPU vendors, we wanted to give you an update on our internal response.

Expel has assessed the risk introduced by the Meltdown and Spectre vulnerabilities and we’ve already begun patching our production infrastructure as well as all internal IT systems. While we’ve not seen any evidence of exploitation of these vulnerabilities in the wild, we believe it’s prudent to expedite this patching process.

Release note: January 2, 2018

Introducing the Expel Workbench status page

“A watched pot never boils.” Or so the saying goes. That’s what we’re hoping. Because while you were (hopefully) out eating too much food and drinking eggnog or some other holiday favorite, our elves added a snazzy new status page that lets you see whether the Workbench is being naughty or nice.

We’ve also fixed up the situation report so it’s easier to size up what’s going on. And -- as always -- we’ve stomped out a bunch of pesky issues.

Release note: December 18, 2017

Workbench email notifications and new tech integrations (“You better bring it.”)

"Oh, it's already been broughten."

There's a lot to cheer about in this week's release. Too much to fit in this summary, so make sure to scan through the complete notes for all the goodness.

To begin, we're happy to announce email notifications from Workbench! No matter where you are, you’ll be alerted immediately via email when Expel has identified a new security incident or launched an investigation in your organization. You’ll also know when a remediation action or investigative action has been assigned to you. Expel notification emails have just enough detail to help you quickly decide if any action is necessary and if so, what action to take.

Release note: December 1, 2017

Just in time for the holidays — pie… charts!

The main dashboard now includes a set of Activity metrics along the top that summarize everything going on in the Workbench for the past month... or week or quarter. Popping open the drawer displays the (fancy new) pie charts, shutting the drawer saves space but keeps the metrics in sight. The sharp-eyed might notice that we also changed the name of this dashboard to Situation Report, which is much more accurate.

Release note: December 1, 2017

New to Expel? Now you get a proper welcome!

Remember what it was like to find your way in a new city before your smartphone was a GPS? Well... we’re not quite in GPS territory yet but we’ve added a new feature that delivers a stylish “Welcome” email when you create a new user account. It comes complete with instructions that guide users through the process of setting up their account.

Release note: November 3, 2017

Share the love… err work with new assignment options

If you like to collaborate, we think you’re going to love our new assignment options. They give you lots more flexibility to grab alerts you want to dig into on your own and assign them out to people on your team (or...if you’re thinking ‘why the heck did I want that alert’ you can just toss them back to us and be done with them). These new assignment options are also super helpful if you’re a Night Shift customer.

We’ve also fixed a bunch of pesky nits and nats in this update. Oh...and you’ll notice we’re now using Tanium’s snazzy new logo.

Release note: October 20, 2017

Now supporting Zscaler integration

W00t! Expel support for the Zscaler platform is good to go, and we think that’s a pretty big deal. If you need help getting this configured, please contact your engagement manager.

Also included in this release: when you create a new user, the system will now automatically specify the invite token instead of you having to puzzle over what that form field is for. The invite token is used to create the unique enrollment link that new users see in their welcome email.

Release note: October 6, 2017

Investigative actions are now editable (so there’s no excuse for typos)

From views to device login credentials, we’ve got a bunch of new investigative action items in our October 6 release.

You may remember we had a fix to remove the checkboxes from the security devices table, since we don’t have any bulk actions on security devices. If you find a need for bulk actions on security devices, please let us know.

Release note: September 22, 2017

New text fields for manual investigative actions provide documentation capability

As the title suggests, manual investigative actions now include text fields to capture the Reason for the action, the Outcome of the action, and the Closed reason (if the action won’t be performed). The outcome is required before completing the action. These changes help document the investigation and make our process more transparent. Also, the Manual > Other investigative action is gone and replaced by a free text field where you can create a custom action and give it any name you like.


© 2022 Expel, Inc. All Rights Reserved