TL;DR
- Effective managed detection and response (MDR) is a partnership acting as an extension of your team. We believe that requires seamless, real-time collaboration between your team and our security experts.
- To eliminate the friction of traditional ticketing systems, we are introducing bi-directional threaded commenting that natively connects your Slack or Microsoft Teams workspaces directly to Expel Workbench™.
- This direct integration allows you to communicate instantly with our SOC on active incidents and easily launch on-demand investigations, accelerating response times when every second counts.
Effective managed detection and response (MDR) is, at its core, a partnership. To act as a true extension of your security operations team, an MDR provider must operate with complete transparency and prioritize frictionless collaboration. Without that tight alignment, teams inevitably face complicated hand-offs and delays in time-to-coverage. When communication lives in isolated systems, critical security signals go underutilized, slowing down response times when swift, decisive action is necessary.
Detecting a threat is only the first step. Fast, native communication between your team and our security operations center (SOC) is essential to operationalizing those insights. Today, we are giving that partnership a major upgrade by introducing bi-directional threaded commenting for Slack and Microsoft Teams.
Breaking down communication silos
Historically, communicating about active incidents involved a multi-step workflow. You would enter a message in Slack or Teams, navigate to Zendesk to write a ticket, and then wait for Expel’s SOC to be notified.
This process introduced complicated hand-offs and increased friction, creating delays in time-to-coverage. Relying heavily on a ticketing system during an active threat can also create an impersonal connection, leaving valuable security signals underutilized during critical moments when immediate coordination and true collaboration are necessary.
Seamless collaboration, right from your workspace
We’re rolling out improvements to how you work with Expel by enabling near real-time, two-way messaging between your primary workspace and Workbench. This full bi-directional commenting integration is now officially live for both Slack and Microsoft Teams workspaces.
To keep conversations focused and channels clean, commenting is specifically targeted to “investigation created” and “incident created” notification threads. You can now reply directly to these notifications to communicate straight with our SOC analysts—without ever needing to open a ticket.
Your responses flow directly into Workbench. In turn, the SOC’s replies appear back in your chat thread, creating a seamless conversation loop. Because rich media is fully supported, you can even upload images directly into the chat comments to provide instant visual context to our analysts.
Fast-tracking on-demand investigations
When something looks suspicious, you need to be able to raise the alarm quickly. We have added a simplified on-demand flow by introducing a permanent shortcut to open an investigation straight from your communication channels.
By clicking the dedicated deep link via the pinned message in your Slack channel, or within the “Tabs” section of your Microsoft Teams channel, you will instantly open the “add investigation” modal in Workbench. This eliminates the need to navigate there manually, saving you precious time.
Expertise at your fingertips
Expel delivers an autonomous, event-driven, natively integrated pipeline. By connecting your primary communication channels directly to our analysts in Workbench, we provide direct and immediate visibility. Your requests go straight to the experts handling your alerts, cutting out unnecessary steps and accelerating response times when quick action matters most.
Crucially, our highly skilled analysts are always in the loop. These direct chat integrations make our team more connected to yours, with analysts acting as expert editors who refine and act on the communications flowing from your environment. We maintain strict efficacy and accuracy because our SOC analysts directly receive, acknowledge, and contextualize your messages within Workbench, ensuring true collaboration without sacrificing analytical rigor.
Get started
This update is part of our ongoing work to make it easier to collaborate with Expel in the tools you already use. To get started, make sure your chat notifications are turned on for “comment created” and either “incident created” or “investigation created.”
Questions or feedback? We’re here to help. Contact support@expel.com or reach out to your Customer Success Manager.
