Dive into Ruxie workflows


Investigative workflows

Ruxie helps our analysts reduce the investigation time frame by pulling additional context. We’re passing this functionality along to you and your team.  When interesting things pop up on your end, you can access these workflows to do things like pull IP information, get the login history for a user or summarize a user’s recent activity in your cloud platform.

AWS onboarding wizard

Speaking of speed, we made onboarding an Amazon Web Services (AWS) device easier! Our goal is to make onboarding simple and feedback showed that setting up an AWS device wasn’t always easy-peasy. So we’re happy to announce our first onboarding wizard to help simplify the onboarding process by providing guided steps.

Other enhancements

More visibility

We’ve added our lookout and suppression rules into Workbench. You’re now able to see these custom rules in Settings > Custom Rules.


We’ve added new integrations to the list. Want to see all our current integrations? Check out this document. 

Network integrations

  • Fortigate via Securonix
  • Forcepoint Web Filter vis Exabeam
  • Prisma Access
  • Zscaler via Azure Sentinel

SIEM integrations

  • Sumo Logic Cloud SIEM Enterprise

New hunt technique

We’ve added a new hunt technique.  The tl;dr is attackers can use overly permissive (external) application grants to leverage persistent access into Azure or GSuite environments.  This new technique looks for this activity.

Check out this page to learn more about our Expel Hunting service.

Other fixes (and a few odds and ends)

Gmail phishing button

Our report potential phishing button didn’t get an initial hook with the latest version of Gmail. We fixed it, so your users are only one click away from reporting suspicious emails.

Workbench optimization

We noticed Workbench took longer to load than what you’re used to, so we did some query optimizations to speed things up.