Spoiler alert! The alert analysis dashboard is live.

No need to watch for post-credit scenes, we’re giving you all the details upfront. Check out our latest Workbench tips and tricks video to learn about all the features of our new dashboard. The Alerts Analysis dashboard is a beta release, so stay tuned for more updates.


Alerts analysis dashboard

Let’s be transparent. We’ve added a new dashboard (Alerts Analysis) that provides metrics on how many alerts Workbench is seeing from your devices and what we’re doing with them (the token upside down triangle), as well as insights into how each device is performing. Check out the video below to see all the bells and whistles.

Filter incidents by resilience

On the Resilience dashboard, you can now click on the number of security incidents to see incidents associated with the recommendation. Clicking the incident number takes you to a custom-filtered view of the Activity > Security Incidents tab. To clear the filter and return to the default view, just click the Clear filter link.

Azure integration

Expel can now ingest specific Azure log analytic events to generate alerts and perform queries across stored log data. Interested in Expel monitoring your Azure infrastructure? Ask your engagement manager about our cloud early access program.

Other enhancements

  • We’ve added Started and Closed timestamps to the bottom of the investigation and security incident tiles. You can also click the History icon at the bottom left to see important timestamps as well as the user who performed the action.
  • Can you hear me now? We’ve updated Workbench email notifications so you can now reply. Have something to share? You can reach us at soc@expel.io.
  • Want to stay in the loop? We’ve added links on the User Profile page to subscribe to Workbench status updates and new Expel blog notifications. You can also check out our blog at https://expel.com/blog/.
  • The Alert Detail now includes the alert ID of the associated vendor alert.
  • We normalized the way we name our investigations by auto-populating the “Threat Detection” prefix for new investigations.
  • Timing is everything. We’ve added more timestamps to the data within Workbench to help track performance against our service level agreements.

Other fixes (and a few odds and ends)

  • We fixed a spacing issue on the Resilience Action tile.
  • We made our device health notifications easier to understand and action by surfacing the related error within the email.
  • We fixed an issue that was causing “Out of Memory” errors while querying for alerts from SIEM devices.
  • You look familiar. We fixed a problem where some alerts were shown as New after being added to an investigation.
  • Previously, the custom time range for Activity metrics would default to the current timestamp. We’ve changed this so the timestamps default to starting at 00:00:01 and ending at 23:59:59.