We may not be able to help with that extra slider you had over the holiday weekend, but we can help you control how many alerts you download. Now you can select if you want all alerts or just Workbench alerts when you download alerts. Also, to keep pace with our previous release, we’ve added more investigative capabilities.
The choice is yours. When using the Download CSV function on the Alerts page, you can now choose to download every alert we’ve ingested or just Workbench alerts. By default, you’ll get everything. If you only want Expel alerts, simply uncheck Include vendor alert details before you click Download.
More space to work
Need a bit more room to view data? We’ve got you covered. When you navigate to the investigation Timeline or Data Viewer screens, you’ll see a new icon button on the top right of the table. Clicking the button puts the table into a full-screen view, pushing the banner and side navigation out of the way to make more room for data analysis. Want to go back to the normal view? Just click the button again.
New investigative capabilities
- If you are a Palo Alto Networks user, our analysts can now Query file and Query user.
- We’ve also expanded our investigative actions. The Data Viewer can now display results from five more investigative actions: Query netflow, Query IP, Persistence listing, Query user, and Query domain.
A better way to add findings
We’ve improved how Workbench handles findings. The first change you’ll see is the Add Findings button (replacing the Manage Findings link that was there before). Clicking on Add Findings will append a new finding form right on the page, at the bottom. But don’t worry! You can drag and drop findings to put them in the order you want. Simply hover over the finding to see the move, add, and delete icons. You can drag and drop from anywhere in the top part of the finding. Clicking the Edit icon will put you in edit mode right on the page – and don’t forget, all the edit fields in Workbench support markdown for text formatting. Clicking the Delete icon will give you the option to delete the finding from the list.
Other fixes (and a few odds and ends)
- Bust a move. We noticed one of the dropdown filters on the Activity > Actions board was changing position when clicked. This is now fixed.
- For Firefox users, we fixed a tab display problem that occurred when viewing Workbench.
- Fixed a problem that caused an error when a user tried to remove an alert from the investigation timeline.
- We fixed a formatting issue in the Investigate modal on the Alerts page that caused some of the links to stay underlined after being clicked. I know, horrors! But all the little things add up, so we like to fix ’em.
- In the same vein, we discovered that some of our buttons didn’t have rounded corners, but they do now.
- Ready for launch? We are now. We fixed an issue that prevented users from launching an investigation after selecting additional alerts from the Pivots tab.
- Fixed a display problem in the Investigate modal that caused a flash on Save.
- Also, the transition between investigation and incident in the Investigate modal was missing a slide animation effect, which we added in for extra niceness.
- Can you see me now? We fixed a display issue where the Activity navigation item wasn’t highlighted in some places where it should have been.
- We fixed some inaccurate wording in the confirmation message when you add alerts to an investigation.