Yummy pie charts

Partial to pumpkin? Pecan? Maybe even peach? Whatever your flavor palate, it’s the time of year for pies. Over at Expel, we’ve been working on pies of a different sort – pie charts. We hope you find them just as yummy. Learn more about the other tasty treats we’re serving up this month.


Styling adjustments to incident pie charts!

It’s satisfying to check the box once a task is completed, which is why we’ve updated the Remediation and Findings pie charts to display as green once complete. Now that’s pleasing to the eyes. Previously, the charts showed as red, which didn’t send the right visual cues to quickly see “the boxes were checked.”

Other enhancements

  • Email and Slack notifications for custom investigative actions now display the “Reason” and “Instructions” fields.
  • The Alert Grid now displays vendor alert time to help define instances when there are duplicate vendor alerts.
  • We noticed the close comment and critical comment input fields were hard to tell apart. The critical comment input field will now remain disabled unless a user clicks the critical severity checkbox.
  • We’ve added a “Threat type” field to the Alerts CSV Export to help distinguish between network, endpoint, cloud, and other detection categories.
  • We’ve changed the “Suppressed alerts” label on the Alert Analysis Dashboard to “Top processed but excluded vendor alerts.” Why? So the label clearly conveys the meaning of these alerts in Workbench.
  • We’ve updated the automatic investigation naming in Workbench to display a specific name based on alert type.
  • We’ve improved our investigative action email notifications for automatic investigative actions. Now we’ll only send the “Data ready for analysis” email notification when data returned from automatic investigative actions are ready to be reviewed.
  • We’ve made updates to our CSV export date formats to make them Excel compatible.
  • We made improvements to the Alert Traffic line graph on the Alert Analysis Dashboard. Now you can hover over the data points to get additional alert context.
  • We’ve condensed the Remediation Actions dropdown menu to provide a better user experience.

Other fixes (and a few odds and ends)

  • Alerts added to investigations after being closed now inherit the investigation’s closed comment.
  • Our file upload button briefly disappeared from the Add Investigation modal, but we’ve fixed this issue.
  • Previously, when Workbench experienced failed plugins, we’d display a bug icon. Now, we’ll display the vendor name to provide context.
  • Some vendors offer multiple device types and it wasn’t easy to distinguish between the different devices in Workbench. We’ve made styling adjustments to fix this issue.
  • The placeholder text for our remediation actions took a short vacation, but we’re happy to say it has returned to Workbench.
  • The navigation menu in the top-right corner experienced detachment issues from the user icon, which we’ve now fixed.
  • We fixed an issue that prevented users from updating org level notification preferences.
  • We’ve applied a fixed size to the critical reason field on incidents to resolve input display issues.
  • We’ve fixed navigation menu cut-off issues for our Workbench mobile display.
  • We’ve made changes to our API that now require email, first name and last name inputs when adding a new user to Workbench.
  • We’ve removed a backend handler that caused a failure in displaying certain investigations on the Involved Hosts tab.
  • Now, when you change the title of a closed investigation, you will not lose its closed reason when the investigation is reopened.
  • We’ve recently improved how things are categorized on the Alert Analysis Dashboard. Previously, we assumed that if an alert wasn’t an initial lead, it was considered a timeline event. Now, we know some alerts are closed, so we’ve updated it so only initial leads are reflected in the initial lead count on the dashboard.
  • Workbench now displays an error message when user logins fail for unknown reasons.