We’ve been busy here at Expel, and we’re excited to share two cool new features that we recently added to Workbench: a NIST CSF dashboard and a Critical Alert category.
Highlights
New NIST CSF dashboard drops in Workbench!
We got lots of great feedback on the downloadable NIST CSF self-scoring tool we launched a while back. So much in fact that we decided to add it to Workbench as a new dashboard. It makes aligning your cybersecurity strategy to NIST CSF framework easier than ever! Now, you can edit, comment and track your actual and target NIST CSF scores, as well as your priorities, across all five functional areas right in Workbench! The dashboard is a great tool to help communicate your security needs and strategies. It’s included for all Expel customers. Pretty cool, indeed!
Introducing critical alerts
We’ve added a new alert severity to Workbench. Now, when an alert surfaces in Workbench that contains information indicating harmful activity, our rules engine will tag the alert as “Critical” and give our SOC a heads up that it’s a priority.
Other enhancements
- We’ve added an assignment filter to the Investigations and Incidents pages that allows you to filter between items assigned to you, your organization or Expel.
- We’ve improved the content presentation of the “Security Device Health: Connection Refused” email notification to help you better assess next steps.
- We’ve updated our default email notifications for new Workbench users. Now, when a new user is created, they’ll automatically receive emails for “New investigation opened/closed” and “Assembler connection lost/restored.”
- We’ve removed manual investigations and incidents from counts on the Alert Analysis dashboard. Now, you can analyze data specifically relevant to alerts coming into Workbench.
Other fixes (plus a few odds and ends)
- We fixed a validation bug that prevented Workbench users from being able to create “File listing” investigative actions.
- We fixed a bug that caused alert detail display issues on the Pivot tab.
- Organization Analysts are now able to edit their user settings in Workbench.
- When users configure the PagerDuty integration, the configuration link will open in a new browser tab so the user experience isn’t disrupted.
- We’ve made styling adjustments to tables in Workbench to help users better distinguish between sortable and non-sortable columns.
- When users selected multiple alerts via the Alerts grid and attempted to create an investigation, the “Save” button to create the investigation would require multiple clicks in order to successfully create. This issue has now been fixed.
- The “Preview” button that would enable users to view markdown friendly inputs was broken, but this issue has now been fixed.
- We’ve made the “Alert Details” modal on the Alerts grid draggable once again.
- We’ve fixed an issue that disabled unlocking users via the dropdown menu on the Users grid.
- We’ve fixed a bug that disabled editing Assemblers via the Assembler dropdown menu.
- Workbench users will no longer have the option to attempt to upload files on certain investigative actions that didn’t support file uploads.
- Sometimes Workbench would fail to close alerts when users clicked the “Close” button. To successfully close the alert, users would have to manually refresh the page and try again. This issue has now been fixed.
- Sometimes we’re not the best at maths. In this case, our Security Device Health email notifications would display incorrect calculations for problems that were detected beyond a week of when the notification was sent.