Expel release notes for March 2023
Sometimes our release notes revolve around a theme. This time, though, we were just helpful kinda all over the darned place.
Let’s get to it, then….
Automatically remove malicious emails from Office 365 with Expel Phishing
We can now automatically remove malicious emails from user inboxes and move them into the “Deleted Items” folder for Expel Phishing customers using Office 365.
Related: How Expel does remediation
Stronger organizational context to enrich Workbench detections
All users can now see, add, update (and delete) important context about their organizations in Workbench. This organizational context can then be used by our bots, Josie™ and Ruxie™. Josie uses the context to make the right call on what to do with the signal coming in from an environment. Ruxie uses it to power automated remediations. SOC analysts and the bots then use the context for real-time decision support and situational awareness during all alert investigation and handling.
Less clutter and better sorting for the Security Device page
Users can now show or hide columns on the Security Device page to make sorting data easier. Hide the “Vendor,” “Name,” “Location,” “Status,” “GUID,” “Assembler,” and “Created At” fields to refine your focus.
Updates to the side panel history tab
We updated the side panel history tab to make Device Health easier to read and process. Here’s what we changed:
- The device timeline now shows a red triangle icon to denote an unhealthy connection. This gives users a better visual cue that something isn’t right with the device.
- To show human-made changes, we’ve introduced a “hide device status” filter, which hides all health status updates on the timeline and only shows fields that were manually adjusted.
Three new integrations: Slack, Microsoft Intune, and ExtraHop
As part of our bring-your-own-technology approach, we now support integrations with Slack, Microsoft Intune, and ExtraHop.
For more information, please see:
- Slack: setup guide and detection strategy
- Microsoft Intune: setup guide and detection strategy
- ExtraHop: setup guide and detection strategy
Conditional notifications: customize what and how you’re notified
We’ve added properties to our notifications that give users more granular control over the notifications they receive. Users can now customize which notifications are sent and who gets them.
Set up auto-host containment using server or workstation categories
Workbench now supports Always or Never Contain lists based on the asset type noted in the customer’s EDR tool. Customers can now apply automation rules to groups of assets, simplifying management.