We’ve made a few enhancements to Workbench to keep things simple. To start, we’ve added a new feature that allows analysts to quickly review an alert before adding it to an investigation. We’ve also made some updates to the Alerts Grid and event timeline, so it’s clear what time we are referring to — either the time the event occurred or when the vendor detected the event.
New
Health support across all cloud devices
We’ve added the device health for Azure, G-Suite, Office 365, Okta, and OneLogin to the Alerts Analysis Dashboard. If you’re a cloud early access customer, you’ll see the updates in your dashboard. If you’re not in the early access program but are interested in learning more, reach out to your engagement manager.
Improved investigation workflow
We’ve added a new feature to make it easier to view the alert details before tagging it to an event. Alerts may have similarities that are not easy to distinguish from the details in the search results, so we’ve added a button to the search results that will allow you to open the alert in a new browser tab. From the Add To modal in the alert details, you’ll see the button when you hover over the alert.
Other enhancements
- We’ve added a search bar to the Security Incidents tab and the Investigations tab on the Activity page. Now you can now search incidents or investigations instead of scrolling through the list.
- We updated the First Seen column to Vendor Alert Time in the Alerts Grid.
- We updated our event timeline so it now displays the time the event occurred instead of the vendor alerted on the event.
Other fixes (and a few odds and ends)
- We noticed some of the font sizes weren’t consistent, so we did some font clean up.
- We updated how we handle device retrying errors that are categorized as fatal.
- We fixed an issue where some investigative actions queries would run for hours and then secretly fail. No more failing and no more secrets.