Automation and configurability: anyway you want it, that’s the way you need it

Expel release notes for March 2023

Sometimes our release notes revolve around a theme. This time, though, we were just helpful kinda all over the darned place.

Let’s get to it, then….

Automatically remove malicious emails from Office 365 with Expel Phishing

We can now automatically remove malicious emails from user inboxes and move them into the “Deleted Items” folder for phishing customers using Office 365.

Related: How Expel does remediation

Stronger organizational context to enrich Workbench detections

All users can now see, add, update (and delete) important context about their organizations in Workbench. Organizational information context can then be used by our bots, Josie™ and Ruxie™. Josie uses this context to make the right call on what to do with the signal coming in from an environment. The context is also used by Ruxie to power automated remediations. SOC analysts and the bots then use the context for real-time decision support and situational awareness during all alert investigation and handling.

Less clutter and better sorting for the Security Device page

Users can now show or hide columns on the Security Device page to make sorting data easier. Hide the “Vendor,” “Name,” “Location,” “Status,” “GUID,” “Assembler,” and “Created At” fields to refine your focus.


Updates to the side panel history tab

We updated the side panel history tab to make Device Health easier to read and process. Here’s what we changed:

  • The device timeline now shows a red triangle icon to denote an unhealthy connection. This gives users a better visual cue that something isn’t right with the device.
  • To show human-made changes, we’ve introduced a “hide device status” filter, which hides all health status updates on the timeline and only shows fields that were manually adjusted.

Three new integrations: Slack, Microsoft Intune, and ExtraHop

As part of our bring-your-own-technology approach, we now support integrations with Slack, Microsoft Intune, and ExtraHop.

For more information, please see:

Conditional notifications: customize what and how you’re notified

We’ve added properties to our notifications that provide users more granularity on the notifications they’re actually receiving. Users can now customize which notifications are sent and who gets them.

Set up auto-host containment using server or workstation categories

Workbench now supports Always or Never Contain lists by using the asset type noted in their EDR tool. Customers will now be able to apply automation rules to groups of assets, simplifying management.