Release Notes
March 13, 2023
Automation and configurability: anyway you want it, that’s the way you need itIn this release notes edition: stronger context for enriching detections, less clutter/better sorting for the Security Device page, new integrations, conditional notifications, and more.
September 12, 2022
Important Updates! Faster onboarding, more transparencyWe’ve been working hard here at Expel, and we’re excited to share four big improvements we’ve made to make your life easier.
July 11, 2022
Do you like scrolling through pages of alerts? We don’t.New Google Workspace Alert center integration.
June 1, 2022
Azure, Terraform, and Auto Disabling, Oh my!Auto disabling for Microsoft products, introducing an Azure Wizard, and Terraform for AWS!
May 2, 2022
Phishing remediation and moreRemove malicious phishing emails from all users’ inboxes - automatically. Also, we’ve added a new onboarding wizard to make the process even easier.
March 9, 2022
Cloud remediationHalt attacker activity in the cloud with user account disablement. Best of all, it’s automated, sowe stop activity in minutes.
February 8, 2022
Supporting your business needsLearn the latest on how we’re personalizing our service to meet your business needs.
January 7, 2022
Less steps, more productivityWe ended 2021, with some great enhancements to our Managed Phishing service and our onboarding process.
December 7, 2021
New detection viewWe’ve expanded our detection view to include our detection strategy and how we apply your customer context.
November 3, 2021
Increase productivityWorking with an MDR provider should help improve your productivity, not hamper it. Learn about how we’re reducing response and onboarding times.
October 5, 2021
Even easier onboardingWe’ve made some updates to our onboarding process to make the process easier by enhancing our AWS onboarding wizard and device health status notification. Read on to learn more.
September 14, 2021
New dashboardGet metrics that track how we’re doing and insights into what we’re working on with our new service review dashboard.
August 18, 2021
Security boot campRunning red teams and phishing simulation helps you prepare for an actual incident, identify gaps (so you can improve) and educate your users. We’ve made some enhancements to help you do just that.
July 29, 2021
Detect and containWe’ve added new features to help you identify gaps and reduce your risk. Our new detection view lets you quickly see your threat coverage across MITRE ATT@CK while the host containment feature automatically stops threats from spreading.
June 16, 2021
Dive into Ruxie workflowsSummertime is here, and we’re making a splash about some new enhancements that save you time and provide more visibility.
May 18, 2021
Welcome, boxesThat’s right; you can now add Box and Dropbox to the SaaS apps we’re monitoring 24x7.
April 14, 2021
Keeping it reelGet more visibility into your phishing submissions. For managed phishing customers, we’ve made some updates to provide you with more details. Not a managed phishing customer? We’ve also got a treat for you.
March 11, 2021
We’re on it! Email confirmationLet’s get right to it. You asked us to send an email confirmation to the user reporting the email - we did it!
February 16, 2021
Expel Workbench for AWS and Ruxie’s in MS TeamsIt’s been a busy month over here at Expel! Read below for all the delectable news and updates.
December 16, 2020
Ruxie, hereOur gloriously inquisitive security bot, Ruxie™, has been making the rounds this past month. Most notably, in Slack where she can now receive inbound requests from customers. Read all about it below.
November 17, 2020
Commodity MalwareNo need to wait until Jan. 20th for results - we’ve got all the goods right here. Right now. So, if you’re tired of watching news highlights highlighting no news, keep reading. We put the spotlight on some major Expel updates around commodity malware and messaging.
September 17, 2020
Remediation actions get checkedGet out of bed. Check. Grab a cup of coffee or tea or pumpkin spice latte (no judgement). Check. Register (and ideally, ignore) what’s going on in the world today. Check. Feels good to “check-off” something that you’ve done and accomplished. Over at Expel, we thought so too. That’s why we’ve introduced checkbox functionality to our remediation actions. Read on to learn more. Check!
August 13, 2020
NIST CSF and Alert-to-fix timelinesWe didn’t acquire TikTok, but we’ve been making some major power moves of our own this past month.
June 17, 2020
BEC reporting updatesWhen did it become summer?? It just crept up on us! You see, we’ve been working hard to ensure something much more nefarious doesn’t creep up on you - and that’s BEC. Read on to learn more about the snazzy updates we made to our BEC findings report. And remember to wear sunscreen. It’s getting hot out there.
May 18, 2020
All about alertsIt’s May. Do you know where your alerts are? Cause we do. From our new Alerts Ticker in Workbench to the beautification of our Alerts Analysis dashboard, knowing what’s going on with your alerts - and why - has never been easier.
March 12, 2020
NIST CSF dashboard and other new stuffWe’ve been busy here at Expel, and we’re excited to share two cool new features that we recently added to Workbench: a NIST CSF dashboard and a Critical Alert category.
February 13, 2020
Investigations and alertsRoses are red, violets are blue. We’ve been working hard on some cool new updates and want to share them with you!
December 18, 2019
News on notificationsExtra, extra! Read all about it! This month was all about notification updates, as we improved messaging around security device health and PagerDuty capabilities.
November 12, 2019
Yummy pie chartsPartial to pumpkin? Pecan? Maybe even peach? Whatever your flavor palate, it’s the time of year for pies. Over at Expel, we’ve been working on pies of a different sort – pie charts. We hope you find them just as yummy. Learn more about the other tasty treats we’re serving up this month.
August 21, 2019
More alert detailsSummer is coming to a close, but our closed reasons are making their debut. In this release, we’ve added more details on why we’ve closed an alert, so it’s easier for you to see a snapshot of closed alert reasons and to dive into the details for a particular alert. While you’re diving in, you’ll find more information about all the steps we took during an investigation on the improved alert history tab.
July 17, 2019
Run the Assembler in AWSWe spilled the beans when we sent our quarterly release notes out, but for those that missed it (or are as excited as we are), you can now run the Assembler in AWS. We’re working on adding the self-service capability but in the meantime, reach out to your engagement manager to get things set up. Learn more about our other enhancements and updates.
June 4, 2019
Easier investigation searchIf you’d like to reference a past investigation, we’ve made it easier to so. We’ve updated the long 30+ character syntax with short names. To find an investigation, go to the Activity page and search using the new short name.
April 30, 2019
Security checksIt’s time for spring cleaning and some security updates. We’ve added additional monitoring to help detect data retention failures. We’ve also added a new field on the Security Device tab. You can now enter in your login credentials for your security tech.
April 17, 2019
New investigative featuresExport more data! We’ve expanded the investigative data available for export. We’ve also made it easier to share a file for us to review or to add to an investigative data. Read more to learn about these new features in further detail.
March 14, 2019
New ticketing optionsSkip waiting in line and get tickets delivered right to you. We’ve made an update to our ticketing integration so you can now sign up to receive notifications when an investigative action is assigned to your organization. Read on to learn how to opt-in to the notification.
February 26, 2019
The best documentation goes to the AssemblerThe shining star this release goes to our assembler on-boarding documentation. We’ve added the on-boarding documents into Workbench, so if you need to download an assembler, the step-by-step documentation is right where you need it. Tada!
February 12, 2019
And the winner goes to…The 61st GRAMMY Awards are in the books, but we’ve got some great hits to hear. In the notifications category, we’d like to introduce email notification for when an investigation is closed. Find out all the details related to when it closed, why it closed and who closed it. Read on to hear about the runner-ups like data export for investigation.
January 30, 2019
Winter wonderlandWhen snow clings to trees, it gives them a fresh look. It’s a minor adjustment but goes a long way with how the trees appear. We’ve made some minor updates to improve the user experience. Adding security devices is now easier to search and find the tech you’re looking to add. We’ve also added a display icon in the remediation actions to indicate the link will open a new tab.
January 15, 2019
Under the weather, we’ve got you coveredWe keep a watchful eye on your security devices and Assembler to make sure everything is on the up and up. If a device goes down, you can now receive notifications through Slack. Read on to learn more.
January 3, 2019
Kicking off the new year!We’re starting the new year with new integrations! We now integrate with ServiceNow and JIRA ticketing systems. You can add this new integration into your workflow from your My Organization page. When Expel assigns a remediation action to your organization, you’ll receive a ticket from your ticketing system.
December 5, 2018
Planes, trains and automobiles‘Tis the season for travel. Whether you’re visiting friends and family or enjoying the weekend Workbench is just a click away. We’ve updated the Workbench display to make it mobile friendly. Read on to learn more.
November 21, 2018
Short and sweetWe’re cooking up a new enhancement for the next release. In the meantime, we’re serving up some sides. In this release, we focused on tidying up a few things in Workbench. We’ve made updates to the scrolling functionality, the Data Viewer and design improvements.
October 31, 2018
No tricks, just treatsWe’ve got a few goodies for you this release. We’re continuing to make workflows easier so you can get back to what you love about security. Highlights for this release include easier device onboarding, count totals on the activity page and a new look for email notifications.
October 16, 2018
Email notifications — hold the cookie monsterIf you like to stay up-to-date through email notifications, we’ve got you covered. You can now sign up to receive notifications when a resilience recommendation is created or updated and when an analyst completes an action. We keep the emails short and to the point but if you need to reply, it will go to our SOC (we enjoy a good laugh, so images like cat pyjama-jam are welcomed). Read on to learn about the other enhancements (we’re looking at you Endgame customers).
October 4, 2018
Pumpkin spice editionPumpkin spice lattes (or as some people say, PSL) are back. If you missed the memo, we have a few things in this release to keep you up-to-date. If you’re a PagerDuty customer, you can now receive an automated call or text when an investigation escalates to a security incident. You can also update your settings to receive email notification when we assign new resilience recommendations to your organization.
September 20, 2018
Just to be clear …We’ve made a few enhancements to Workbench to keep things simple. To start, we’ve added a new feature that allows analysts to quickly review an alert before adding it to an investigation. We’ve also made some updates to the Alerts Grid and event timeline, so it’s clear what time we are referring to -- either the time the event occurred or when the vendor detected the event.
September 5, 2018
Look no further. Vendor alert information is here.By popular demand, we’ve added the vendor alert name to the Alerts Grid. You can now filter and search for high-priority alerts from your vendor devices, instead of just Expel alerts. And since you see what our analysts see - you’ll know what exactly we did with the alert. We’ve also added Microsoft Azure to our supported assemblers.
August 22, 2018
That was quick (and we’re not talking about summer)School supplies have consumed the seasonal shelves in stores, which means the end of summer is near. While it seems like we just kicked off grilling season, we’ve been busy making improvements to Workbench to make workflows easier and in turn faster. A few highlights of this release include a new date/time picker for investigative actions which defaults to five minutes before and after the vendor alert. We’ve also made it easier to assign remediation actions and for our engagement managers to deliver the most relevant resilience recommendations to your organization.
August 9, 2018
Spoiler alert! The alert analysis dashboard is live.No need to watch for post-credit scenes, we’re giving you all the details upfront. Check out our latest Workbench tips and tricks video to learn about all the features of our new dashboard. The Alerts Analysis dashboard is a beta release, so stay tuned for more updates.
July 25, 2018
Unlike Aquaman, you don’t have to wait for this release!We’re constantly adding to our “league” of partner integrations and we’re happy to announce our latest additions. We now support Devo (formerly Logtrust) and have expanded our Darktrace “via SIEM” integration to include Darktrace via Devo. We’ve also made some updates to our Endgame integration to support the latest version. Read on to learn more about our integrations and other action-packed enhancements.
July 10, 2018
Red, white and vroom!It’s that time of year - fireworks, sparklers, and road trips. Whether or not you took some time off to enjoy the holiday, there is no place quite like home. We’ve updated Workbench so you can now select your homepage - so every time you login, you arrive where you love most. Read more to learn about the latest release.
June 26, 2018
Marco! … Polo!Looking for a list of bug fixes? You’ve found them! In this release, we cleaned up a bunch of fixes so Workbench continues to be a pleasant user experience. We’ve also been hard at work on a couple of new features. Read on to find out what to expect in the upcoming weeks.
June 12, 2018
It’s a Triple CrownJustify may have the fame of becoming the thirteenth Triple Crown winner but in this release, we’re giving you three ways to save time. (So you can focus on what you love, even if that’s not horse races.) 1. The Hyper-V Assembler is now available for you to download and install yourself. 2. You can add research actions for investigations in a single click. 3. Quick filters now enable you to see what alerts occurred in the last 72 hours. To learn more about these time-saving features and the new integration enhancements with Sumo Logic and Splunk, read more.
May 29, 2018
Kicking off grilling seasonWe may not be able to help with that extra slider you had over the holiday weekend, but we can help you control how many alerts you download. Now you can select if you want all alerts or just Workbench alerts when you download alerts. Also, to keep pace with our previous release, we’ve added more investigative capabilities. To learn more about all the enhancements, read more.
May 17, 2018
The more, the merrierIt seems like there’s a new security product every day. And we’re continually adding network, endpoint and SIEM technologies to our integration list based on customer input. In this release, we’ve completed our integration with our first deception vendor, Attivo Networks, and our first network detection and response vendor, ProtectWise. We’ve also expanded our Palo Alto Networks investigation capability. Read on to learn about these new integrations, plus improvements to the alert investigation workflow and other UI enhancements.
April 24, 2018
Grab some popcorn – it’s movie time!It may not have as much action and adventure as this year’s leading box-office movie, Black Panther, but our new Workbench tips and tricks videos take less than three minutes of your time. Next time you log into Workbench you’ll see a new alert view - the alert grid. We’ve created two videos to help explain how to find an alert and the features and functionality of the new view. To check out the alert grid videos and learn about the other features in this release, read more.
April 10, 2018
Professor Plum, the candlestick, in the ballroom – see who did itWhile it’s fun to play detective to solve a mystery, it’s also time-consuming -- we’ve made some updates to make it is easier for you to see what took place and when in Workbench. The investigation and security incident page now includes who closed the investigation or incident and when it was closed. We’ve also made it easier to check the status of Workbench features.
March 27, 2018
A little spring cleaningWe’ve made multiple fixes to Workbench to keep it clean and tidy - like closing all alerts associated with an investigation when the investigation is marked closed. We’ve also made it easier for you to sort and filter through your alerts with the addition of a comma-separated (CSV) file export. Read more to learn about the tidying up we did with password reset and all the other updates.
March 13, 2018
You’ve got mail!If your idea of a good notification is an email in your inbox then this one’s for you! We’ve added two new email lists that you can subscribe to. One tells you when actions are assigned to your organization while the other updates you about security device health. Update the notifications settings in your profile to start receiving these notices. We’ve also made some other enhancements that’ll make it easier to tell when investigations occurred.
February 27, 2018
Status Update … it’s no longer complicatedWe’ve made several small changes to the way you update the status of an investigation or incident to make it easier to use. Now you don’t have to make that agonizing choice between Closed and Resolved at the end of an incident. We removed Resolved because it was not being used. We also added an Unknown option to all the dropdowns (except for Attack timing) for those times when the investigation findings are still unclear. Read on to learn more about it plus other enhancements that’ll simplify your workflow.
February 14, 2018
Things that make you go hmmmNo, we are not talking about the confusion around OAR at this years Olympics. (Psst: It’s not a new country, it stands for Olympic athletes of Russia.) We are referring to unusual remote desktop protocol (RDP) connections that our analysts are keeping an eye out for when they hunt in your environment. Attackers use this technique to move latterly, and we’ve added it to the list of techniques we look for while hunting in your environment. Not familiar with our hunting service? Reach out to your engagement manager for more details.
January 29, 2018
On the go? We’ve got you covered.For those times when security is top of mind… even when you’re on vacation (it’s okay, we do it too!) You’ll be happy to know that we’ve turned off IP whitelisting so you can log into Workbench even when you are not in the office. You can also sleep a bit easier knowing that you can change your own password. Bonus - the password can be 255 characters. We also fixed a few thing that previously might have made you do a double take - don’t worry the alert is closed and the actions are complete.
January 16, 2018
I spy with my little eye… a big list of little enhancementsIf things look a little different next time you login to the Workbench... but you can’t quite figure out why... that’s by design (heh!). We’re kicking off the new year with housekeeping. We’ve buttoned up (and straightened up) some of the lines and put things – like the reason investigations are closed – where you’d expect to find them (spoiler alert: on the investigation page). If you’re a picture straightener you’ll find lots to enjoy starting with the list of Fixed items, which is a real page turner scroller this week!
January 5, 2018
Security Advisory: Meltdown and Spectre VulnerabilitiesIn light of the recent CPU vulnerabilities that affect multiple CPU vendors, we wanted to give you an update on our internal response. Expel has assessed the risk introduced by the Meltdown and Spectre vulnerabilities and we’ve already begun patching our production infrastructure as well as all internal IT systems. While we’ve not seen any evidence of exploitation of these vulnerabilities in the wild, we believe it’s prudent to expedite this patching process.
January 2, 2018
Introducing the Expel Workbench status page“A watched pot never boils.” Or so the saying goes. That’s what we’re hoping. Because while you were (hopefully) out eating too much food and drinking eggnog or some other holiday favorite, our elves added a snazzy new status page that lets you see whether the Workbench is being naughty or nice. We’ve also fixed up the situation report so it’s easier to size up what’s going on. And -- as always -- we’ve stomped out a bunch of pesky issues.
December 18, 2017
Workbench email notifications and new tech integrations (“You better bring it.”)"Oh, it's already been broughten." There's a lot to cheer about in this week's release. Too much to fit in this summary, so make sure to scan through the complete notes for all the goodness. To begin, we're happy to announce email notifications from Workbench! No matter where you are, you’ll be alerted immediately via email when Expel has identified a new security incident or launched an investigation in your organization. You’ll also know when a remediation action or investigative action has been assigned to you. Expel notification emails have just enough detail to help you quickly decide if any action is necessary and if so, what action to take.
December 1, 2017
Just in time for the holidays — pie… charts!The main dashboard now includes a set of Activity metrics along the top that summarize everything going on in the Workbench for the past month... or week or quarter. Popping open the drawer displays the (fancy new) pie charts, shutting the drawer saves space but keeps the metrics in sight. The sharp-eyed might notice that we also changed the name of this dashboard to Situation Report, which is much more accurate.
December 1, 2017
New to Expel? Now you get a proper welcome!Remember what it was like to find your way in a new city before your smartphone was a GPS? Well... we’re not quite in GPS territory yet but we’ve added a new feature that delivers a stylish “Welcome” email when you create a new user account. It comes complete with instructions that guide users through the process of setting up their account.
November 4, 2017
Share the love… err work with new assignment optionsIf you like to collaborate, we think you’re going to love our new assignment options. They give you lots more flexibility to grab alerts you want to dig into on your own and assign them out to people on your team (or...if you’re thinking ‘why the heck did I want that alert’ you can just toss them back to us and be done with them). These new assignment options are also super helpful if you’re a Night Shift customer. We’ve also fixed a bunch of pesky nits and nats in this update. Oh...and you’ll notice we’re now using Tanium’s snazzy new logo.
October 20, 2017
Now supporting Zscaler integrationW00t! Expel support for the Zscaler platform is good to go, and we think that’s a pretty big deal. If you need help getting this configured, please contact your engagement manager. Also included in this release: when you create a new user, the system will now automatically specify the invite token instead of you having to puzzle over what that form field is for. The invite token is used to create the unique enrollment link that new users see in their welcome email.
October 6, 2017
Investigative actions are now editable (so there’s no excuse for typos)From views to device login credentials, we’ve got a bunch of new investigative action items in our October 6 release. You may remember we had a fix to remove the checkboxes from the security devices table, since we don’t have any bulk actions on security devices. If you find a need for bulk actions on security devices, please let us know.
September 22, 2017
New text fields for manual investigative actions provide documentation capabilityAs the title suggests, manual investigative actions now include text fields to capture the Reason for the action, the Outcome of the action, and the Closed reason (if the action won’t be performed). The outcome is required before completing the action.These changes help document the investigation and make our process more transparent. Also, the Manual > Other investigative action is gone and replaced by a free text field where you can create a custom action and give it any name you like.