Look no further. Vendor alert information is here.

By popular demand, we’ve added the vendor alert name to the Alerts Grid. You can now filter and search for high-priority alerts from your vendor devices, instead of just Expel alerts. And since you see what our analysts see — you’ll know what exactly we did with the alert. We’ve also added Microsoft Azure to our supported assemblers.


Assembler for Windows Azure

Our assembler family is growing. We’ve added an assembler for Windows Azure. It’s now available for you to download and install yourself. Log into Workbench and navigate to Settings, then click on the Download Installer button. You’ll now see Azure as an available option.

Vendor alert information in Alerts Grid

Curious about what happened to high-priority alert? We’ve got you covered. You can now filter and search for vendor alerts in the Alerts Grid.

Clearer options for file acquisition

Data dilemmas — API or raw. We’ve improved how we explain file acquisition options when performing investigative actions. The default is now API mode since it’s appropriate in most situations. Now you can plug in your file path and go. If you’re not sure which mode is a better choice, we’ve added explanatory text to help you decide.

Other enhancements

  • In addition to Endpoint, Network, and SIEM device categories, you’ll also now see a Cloud category. This category includes Microsoft Azure, G Suite, Office 365, and other cloud applications.
  • We improved the micro-interactions on some of our information popups. We also made them easier to close.
  • Show me the detail! We’ve included more evidence to Cb Response Alerts. Now you’ll see things like child processes, file modifications, and network connections.
  • You’ll now see the UTC timestamp in addition to where the relative time is shown (“5 minutes ago”, etc).
  • We updated the display logic for the resilience recommendations hide/view feature. If a resilience recommendation is associated with an incident, it will show in the list.
  • We updated the Resilience dashboard View all modal. Now you’ll only see recommendations for the selected tab — either Disrupt attackers or Enable defenders.

Other fixes (and a few odds and ends)

  • We fixed an issue that was preventing new customers from seeing resilience recommendations in the Resilience dashboard.
  • Something’s not right. We fixed a peculiar display issue that caused every user to appear to have the same default homepage as the current user (for admin and manager roles). As a reminder, you can select your default in Workbench.
  • Some remediation notification emails were missing important information. This is fixed.
  • Deleted devices were not displaying correctly on the Alerts Analysis dashboard. We’ve fixed this.
  • We fixed a display problem with remediation actions. Newly created remediation actions were appearing at the bottom of the list instead of the top, and the timestamp was not correct.
  • We fixed an issue that was preventing the sort functionality on our investigation Timeline from working correctly.
  • In some cases setting a filter on the Data Viewer was not returning the correct results. We fixed this.
  • We fixed a problem on the Alerts Analysis dashboard where a tooltip kept hanging around when it was supposed to disappear.