While it’s fun to play detective to solve a mystery, it’s also time-consuming — we’ve made some updates to make it is easier for you to see what took place and when in Workbench. The investigation and security incident page now includes who closed the investigation or incident and when it was closed. We’ve also made it easier to check the status of Workbench features.
New
Enhanced status page
In the spirit of transparency, we’ve made the Workbench status page open to the public. In this release, we’ve updated the page to provide even more visibility by providing the status of individual Workbench features such as; investigative actions, email notifications, and alert ingestion.
See who closed the investigation
The information icon on the investigation or security incident page contains details about who created the investigation and when it was created. Now it also includes who closed the investigation and when it was closed.
Assignment filter on alerts
We’ve added a new assignment filter on the Alerts screen so you can narrow your view to alerts assigned to Expel or to your own organization. By default, you’ll see all assigned alerts.
Other fixes (and a few odds and ends)
- Fixed a display issue that caused the sidebar in investigations and incidents to end before the bottom of the page
- Fixed an issue where nameless investigations could be created from alerts. The investigation name is now required
- Fixed an issue that caused an investigation to fail to upgrade to a security incident when the Detection tag was set to Expel
- Fixed a problem where no results were returned in the Assign To dropdown in some situations
- Fixed two issues in the Situation Report > Activity metrics where counts were being calculated based on a misleading timestamp, and closed incidents were being counted as Closed (Other) investigations
- Fixed an issue on the Resilience dashboard where the progress pie charts didn’t reflect the proportion of completed recommendations
- Fixed a problem on the Add Investigative form where there was no feedback that an action was being created. Now you’ll see a spinner in the Save button on click