We keep a watchful eye on your security devices and Assembler to make sure everything is on the up and up. If a device goes down, you can now receive notifications through Slack. Read on to learn more.
We kicked off the year with our ticketing integration, and now we’re happy to announce a new Slack integration. With this integration, you’ll receive a Slack notification when your Assembler goes down or if one of your security devices becomes unhealthy. The notification will be sent to the specified channel and explain what steps you can take to resolve the issue. Reach out to your engagement manager to configure the integration … they certainly won’t slack on getting you set up!
- We updated the Data Viewer so you can filter columns containing boolean data.
- Previously, the Activity > Security Incidents tab showed critical incidents first, regardless of which sort filter was selected. Sometimes this resulted in older critical incidents being displayed ahead of newer, less critical incidents. We’ve changed this behavior so security incidents of all severities are sorted according to the selected sort filter.
- We’ve added severity filtering to the “What we’re alerting on” table on the Alerts Analysis dashboard. This allows you to see a list of the top high-, medium-, or low-severity Expel alerts in a given period.
- You can update your notification settings in Workbench from our mobile view.
- We’ve updated our Assembler email notification to include steps to follow if your Assembler loses connection.
Other fixes (and a few odds and ends)
- We’ve noticed that some expired tasks were showing up as “completed” despite having no “completed” task executions. We’ve made adjustments to the task workflow to fix this.
- The alert details display has been improved to prevent poor wrapping behavior on the Alerts classic page.
- We made some copy updates.
- We fixed an issue on the investigative timeline that incorrectly displayed a “failure to close” message when alerts were closing properly.
- On the Alert Analysis dashboard, the Expel alerts by severity graph had scaling issues. This has been resolved.
- We updated our reset password flow so the email address is no longer case sensitive.
- We removed the redundant vendor column from the Alert Analysis dashboard’s Device detail view.