Product · 2 MIN READ · SCOUT SCHOLES · JAN 29, 2026 · TAGS: AI & automation / Integrations / Phishing
TL;DR
- This new blog series is a monthly recap of what our product team has delivered in the last 30(ish) days
- We’re keeping it short and sweet, but if you have questions reach out to your Expel contact
- No contact, but still curious? Contact us here
Welcome to our first installment of our latest blog series, What we built. Each month we’ll share a quick round-up of new product features, updates, and enhancements to give you an idea of what we’re working on behind the scenes.
We’re always preaching about transparency, so we’re kicking off the year by putting our metaphorical money where our mouth is and doing just that. Some of these updates may be small, and some may come with huge announcements, but all of them are helping us continue to build a better experience for you. That’s worth sharing.
What we built in 2025
While our product team wasn’t radio silence on all they accomplished in 2025, you’ve likely only seen the highlights (like our AI upgrades, added support for Panther SIEM, updates on Ruxie, Sublime Security email integration, Wiz Defend integration, adding threat bulletins directly to Expel Workbench™, and more), that list isn’t exhaustive. Here’s some additional accomplishments from last year you might have missed:
- Many new integrations, including: PingID, Varonis, Microsoft Defender XDR, SentinelOne, AWS GovCloud, Hunters, Google SecOps, AWS CloudTrail.
- One-way status syncing with CrowdStrike Falcon and Palo Alto Cortex XDR, allowing Workbench to update alert statuses and add comments within your CrowdStrike and Palo Alto platforms.
- New AI power-ups for user context summaries, identity classification, and plain English descriptions for our detection rules.
Pushed to prod this month
Webhook for phishing notifications
What it is: Some of our customers use DIY, configurable capabilities for some of their tools, like webhooks or API connections. Previously, certain phishing events weren’t supported via webhooks–but we changed that.
Why it matters: This gives our customers even more options when it comes to linking their custom notification needs. Paired with our OOTB notifications, customers have a larger range of options for phishing notifications now.
Dark mode
What it is: We all know and love dark mode. While this update is mostly internally relevant, it’s fun to share that our SecOps platform, Expel Workbench™ (used by our SOC analysts) now has a dark mode option (we know…it’s about time!).
Why it matters: Because dark mode is cool. Just kidding (kind of)—while people do have really strong opinions about it, dark mode is a visual way to reduce eye strain for our expert SOCs analysts, and anything that benefits them benefits all of us.
Come back next month to see what we accomplished in February!
