On the go? We’ve got you covered.

For those times when security is top of mind… even when you’re on vacation (it’s okay, we do it too!) You’ll be happy to know that we’ve turned off IP whitelisting so you can log into Workbench even when you are not in the office. You can also sleep a bit easier knowing that you can change your own password. Bonus – the password can be 255 characters. We also fixed a few thing that previously might have made you do a double take – don’t worry the alert is closed and the actions are complete.


IP Whitelisting is turned off

Good news for all of our frequent travelers and folks who can’t resist checking Workbench while on vacation (you know who you are) – no more IP whitelisting. We originally implemented whitelisting as a security precaution during our Flagship program. Now that we’re ready to go live with our 24×7 service on February 1st, we’ve turned off IP whitelisting.

Change your own password

Do you have a great new password in mind? We’ve made it easier for you to change your password every 90 days – lickety split. Just look for Change password in your User Profile to update it. Passwords can be a maximum of 255-character (strong!) and you can select Show password to double check what you’ve typed.

Acquire triage package

If you have FireEye HX deployed, we’ve added a new capability to acquire triage packages from a Workbench investigation. All you need is the alert ID, which you can find in the Vendor Message of the Initial Lead.

Here’s how to acquire a triage package:


Here’s how to find the alert ID:

Other enhancements:

  • Poof! When you close an alert from the Alerts screen, it will now disappear from view with a quick and tasteful animation.
  • To make sure you don’t accidently delete your fellow co-workers profile, we’ve added a confirmation box to the delete user function. As a reminder, only users with the Customer Manager role can create and delete users.
  • We’ve implemented additional security around password verification to thwart brute force attempts.
  • Investigations on the Situation Report dashboard or the Activity page display a clearer messaging for the closed reason. Investigations that are closed because they are false positive will say so, and you’ll see any remarks the investigator added.
  • Previously, when you viewed the Activity > Security Incident or Activity > Investigations tabs, they were often empty. This was because the filters defaulted to Past week. Now when you click on these tabs you will see All time ranges and All statuses. So by default you’ll see everything, and you can filter down from there as needed.
  • After 10 unsuccessful login attempts, you will now see a message on the login page telling you to try again in five minutes.


  • Fixed the alignment on the left side of the Investigative Actions screen.
  • Fixed a problem that prevented the investigation link from appearing in the alert detail for an alert in the Investigating status.
  • Fixed an issue that caused there to be two empty messages in the Alerts Detail when there were zero pivot alerts.
  • Fixed an incorrect cursor icon that appeared in the manual upload investigative action.
  • Fixed the text wrap inside the resilience recommendation tile. Long URLs now stay inside the box instead of trying to wander off screen. We also made the dropdown menu indent so it’s consistent with the rest of the UI.
  • Moved the arrow dropdown menu in the Assembler tiles and the Resilience Recommendation tiles to the top right, to make them consistent with the rest of the UI.
  • Corrected the styling of the Add one links for remediations and resilience on the Findings tab. They look like links now, instead of just text.
  • Fixed a display issue that caused the same bulleted list in two different places to use different bullet styles.
  • Fixed a display issue on our Maintenance page – which you’ll hardly ever see, we promise! – that caused the text to migrate at narrower browser widths.
  • Fixed a problem on the Resilience dashboard that caused recommendations to display twice and were incorrectly associated with an incident.
  • Fixed a wrapping problem that caused the investigation name to intersect the assignment icon on the Activity > Actions board.
  • Fixed a problem that caused Add Investigation to fail in some circumstances.
  • Fixed a problem that prevented timeline events from getting a Created by entry.
  • Fixed a lag problem in the investigations screen that made it look like actions were not closed when the investigation was closed.