NIST CSF and Alert-to-fix timelines

Great news…NIST Cybersecurity Framework 2.0 is (finally) coming in 2024! Keep an eye out for updates

We didn’t acquire TikTok, but we’ve been making some major power moves of our own this past month. First up, we’ve introduced a new import/export functionality for our NIST CSF dashboard, making it easier than ever to align your cybersecurity strategy to the NIST framework! But the fun doesn’t stop there. We now have Alert-to-fix timelines on all the findings tabs for all incidents. Want to know how long it took from the alert to us providing a recommendation? We’ll tell ya.


Import/export functionalities added to the NIST CSF dashboard

Have you been tracking your NIST scores? Checking them twice? Well, now you can import those scores directly into the NIST CSF dashboard in Workbench. No longer do you need to manually input your Actual and Target scores across all five functional areas – just upload your scores via a CSV file. But wait – there’s more. Now, you can also export your scores right out of Workbench so you can drop them into a presentation and share across your organization. Still don’t know where to get started? Check out the NIST CSF self-scoring tool we released a while back – it’s the perfect spreadsheet to capture all your historical data and with one click, upload it to the NIST CSF dashboard right in Workbench.

Alert-to-fix timelines

In a further commitment to transparency, we’ve introduced an Alert-to-fix timeline at the bottom of all of our incidents. Jonesing to find out exactly when Expel first knew about an alert or how long it took us to provide you with a recommended fix? The Alert-to-fix timeline serves up this info. It also pulls some high-level detail about the lead alert into the view, making it easy to see how we detected the incident.

Other enhancements

  • We made styling and user experience improvements to the Situation Report dashboard.
  • We added the ability to get notified for Verify Actions via PagerDuty.
  • We added the ability to attach PagerDuty notifications for remediation actions to the same PagerDuty instance that was previously triggered by the Workbench incident. Now, you’ll get paged only when necessary.
  • The alert-to-fix timeline on the BEC Findings report now displays the vendor alert name instead of the Expel alert name. This update will provide more helpful context when reviewing the BEC Findings report.
  • We added the ability for Workbench users to opt in/out of notifications for the Notify Investigative Action type.
  • Workbench stopped displaying the investigation close reason as a comment for a brief period of time, but this issue has been fixed.
  • We added the ability to edit titles on previously created manual investigative actions to make it easier to fix any pesky typos.

Other fixes (plus a few odds and ends)

  • Some Verify Action Slack responses would fail to update if the user verifying the activity did not have an email account linked to their Slack account. This issue has now been fixed. Verify away!
  • We noticed when a Workbench user would delete an investigative action, the investigation History tab would attempt to display who deleted the action, but would fail to display the actual username. Since this behavior was not helpful, we’ve removed it from Workbench.
  • We fixed a case-sensitivity issue that disabled some Workbench users with upper case letters in their email address from logging in.
  • We fixed an issue that allowed multiple investigations to share the same lead Expel alert.
  • We fixed an issue in Slack that mistakenly allowed some URLs to appear as clickable links.
  • We fixed an issue that disabled completion percentage display on incident graphs.
  • We fixed an issue that disabled file download links on investigative actions.
  • We fixed an issue that prevented our Workbench analysts from being able to assign remediation actions to other Workbench users.
  • We fixed an issue that prevented users from accessing the Evidence Summary modal on the Investigative Actions tab.
  • We fixed an issue that prevented Workbench users from being able to select a closed reason category on investigations.
  • We fixed display and behavior issues with the custom range picker on the Activity page.
  • We fixed filtering behavior issues on the Investigative Actions tab.