EXPEL BLOG

What we built: February 2026

1 MIN READ · SCOUT SCHOLES · MAR 3, 2026 · TAGS: AI & automation / Integrations / Ruxie

TL;DR

  • This is a monthly recap of all the things our product team has delivered in the last 30 days 
  • Questions? Reach out to your Expel contact, or if you don’t have one, you can connect with us here 
  • This month we’re featuring two new features and three new integrations

 

Pushed to prod this month 

Lead alerts summaries 

What it is: We’ve added a new natural language summary feature to Expel Workbench™, powered by Ruxie, our AI and automation engine. It’s called lead alerts summary, and this power-up displays AI-generated summaries of an alert—immediate context and insights, no log translations required. 

Why it matters: Expel analysts can investigate faster by seeing a summary of the alert instead of manually parsing JSON or digging through raw log files. This also allows you (the customer) to immediately understand what’s going on with a lead alert—what happened that caused this alert to fire, key indicators and context, and suggested next steps—written in plain English.

 

Slack & Workbench bi-directional comment syncing 

What it is: Expel customers can now add comments to a Workbench investigation or incident directly from a Slack message. These messages sync back to Workbench in real time, and comments added in Workbench will show up in the Slack thread. 

Why it matters: Bi-directional comment syncing provides a single source of truth for conversations and updates, and it doesn’t require a Zendesk ticket to reach our SOC.

 

New integrations

Support for CrowdStrike Falcon Next-Gen SIEM 

Expel now integrates with CrowdStrike Next-Gen SIEM, the modern, cloud-native security platform that helps deliver faster, more efficient threat detection, investigation, and response.

These integrations matter because it’s your job to invest in the right tech for your environment, and it’s our job to make that tech work better for you. We’re always adding new integrations to our portfolio to meet you where you are.

 

JumpCloud DUET 

JumpCloud is an identity and device management platform that provides directory services, single sign-on (SSO), multifactor authentication (MFA), and device management capabilities. Now we can map JumpCloud signals to detections triaged by our SOC, automatically enrich them, and send them to your team via a DUET.

 

Arista Network Detection and Response  

Expel now integrates with Arista Network Detection and Response (NDR), including custom rules. This integration provides network monitoring and threat detection capabilities for customers using Arista’s NDR platform.