Stopped Ingesting Microsoft Defender for Identity
Update - We are continuing to monitor for any further issues.
Jun 16, 2025 - 16:13 EDT
Monitoring - As part of a previously communicated Microsoft deprecation, Expel is no longer ingesting Microsoft Defender for Identity alerts (via the Microsoft Defender for Cloud Apps integration). Any customers who have onboarded a Microsoft Defender XDR device have coverage and alerts are being processed.

We recommend that customers who have the Microsoft Defender for Cloud Apps integration, but have not yet onboarded Microsoft XDR to Workbench, complete the onboarding as soon as possible (https://support.expel.io/hc/en-us/articles/38928860545299-Microsoft-Defender-XDR-Setup-for-Workbench).

Please contact your Customer Success Manager if you need assistance with onboarding or if you have additional questions.
Apr 28, 2025 - 10:34 EDT
Service Update: Wiz Alert Status Syncing
Identified - On May 19, Wiz made a change to its API that impacted Expel’s ability to sync alert statuses from Workbench back to Wiz. As a result, we have temporarily disabled the status syncing feature while we work on a fix.

Importantly, this issue does not affect Expel’s ability to deliver MDR services for Wiz. Workbench continues to ingest alerts from Wiz as expected, and our SOC is actively monitoring and responding to those alerts.

We’re actively collaborating with Wiz to update the integration and restore status syncing functionality. While we don’t have a specific timeline to share yet, we’ll provide an update as soon as the fix is deployed and syncing is re-enabled.

Thank you for your understanding.
Jun 11, 2025 - 13:13 EDT
Workbench availability Operational
Workbench global network connectivity Operational
Workbench login Operational
Workbench features Operational
Investigative actions Operational
File uploads Operational
Notifications Operational
Email Operational
Slack Operational
Teams Operational
Ticketing systems (via email, such as Jira) Operational
PagerDuty Operational
Opsgenie Operational
ServiceNow Operational
Assembler connectivity Operational
Alert ingestion Operational
Slack channels for customers Operational
Phishing submissions Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance

Scheduled Maintenance

Database maintenance Jul 11, 2025 05:00-05:30 EDT

We will be undergoing routine maintenance between 05:00 - 05:30 ET on July 11. During the maintenance window, there is no anticipated downtime.

All notifications and alerts will be processed during the maintenance window. We will be updating the way we connect to the database. If something goes wrong, we will revert the way we connect to the database in a couple of minutes. This has been tested in staging with no downtime.

This will improve the reliability and speed of the site and API.
Posted on Jul 03, 2025 - 17:08 EDT
System Metrics Month Week Day
Workbench global network connectivity ?
Fetching
Workbench availability ?
Fetching
Jul 6, 2025

No incidents reported today.

Jul 5, 2025

No incidents reported.

Jul 4, 2025

No incidents reported.

Jul 3, 2025

No incidents reported.

Jul 2, 2025

No incidents reported.

Jul 1, 2025

No incidents reported.

Jun 30, 2025

No incidents reported.

Jun 29, 2025

No incidents reported.

Jun 28, 2025

No incidents reported.

Jun 27, 2025

No incidents reported.

Jun 26, 2025

No incidents reported.

Jun 25, 2025

No incidents reported.

Jun 24, 2025

No incidents reported.

Jun 23, 2025
Alert ingestion via assemblers delayed
Resolved - The incident has been resolved, and all previously-available assemblers are once again fully available.
Jun 23, 16:04 EDT
Monitoring - We have implemented a fix and believe the incident to be resolved. We are monitoring the health of the infrastructure as individual assemblers come back online, and will resolve this if there are no outstanding issues. Please let us know if you are experiencing any problems. We will provide another update by 4:30pm EDT.
Jun 23, 15:50 EDT
Update - We have identified a further cause and are working on a remediation. Individual assemblers are coming back online. Alert ingestion via some assemblers continues to be delayed. SOC operations are not affected. We will provide another update by 12:30 EDT.
Jun 23, 11:32 EDT
Update - We have identified a further cause and are working on a remediation. Individual assemblers are coming back online. Alert ingestion via some assemblers continues to be delayed. SOC operations are not affected. We will provide another update by 11:30 EDT.
Jun 23, 10:31 EDT
Update - We have identified a further cause and are working on a remediation. Alert ingestion via some assemblers continues to be delayed. SOC operations are not affected. We will provide another update by 10:30 EDT.
Jun 23, 09:30 EDT
Update - We have identified a further cause and are working on a remediation. Alert ingestion via some assemblers continues to be delayed. SOC operations are not affected. We will provide another update by 9:30 EDT.
Jun 23, 08:42 EDT
Update - We have identified a further cause and are working on a remediation. Alert ingestion via some assemblers continues to be delayed. SOC operations are not affected. We will provide another update by 8:30 EDT.
Jun 23, 08:08 EDT
Update - We are continuing to work on a fix for this issue.
Jun 23, 08:07 EDT
Update - We have identified the root cause and are working on a remediation. Alert ingestion via some assemblers continues to be delayed. SOC operations are not affected. We will provide another update by 8:00 EDT.
Jun 23, 07:47 EDT
Update - We have identified the root cause and are working on a remediation. Alert ingestion via some assemblers continues to be delayed. SOC operations are not affected. We will provide another update by 7:30 EDT.
Jun 23, 07:00 EDT
Identified - We have identified the root cause and are working on a remediation. Alert ingestion via some assemblers continues to be delayed. SOC operations are not affected. We will provide another update by 7:00 EDT.
Jun 23, 06:30 EDT
Investigating - At approximately 4am EDT, we began experiencing a problem with our assembler VPN system that is preventing alerts from being ingested through assemblers. Alert ingestion is delayed for some devices behind an assembler. We will provide an update by 6:30am EDT.
Jun 23, 05:51 EDT
Scheduled Infrastructure Maintenance
Completed - The scheduled maintenance has been completed.
Jun 23, 04:00 EDT
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Jun 23, 03:00 EDT
Scheduled - We will be undergoing routine maintenance between 03:00 - 04:00 ET on June 23rd. During the maintenance window, Assemblers may be intermittently unavailable or slow.

All notifications and alerts will be processed during the maintenance window, but may be affected by intermittent delays.
Jun 16, 16:31 EDT
Jun 22, 2025

No incidents reported.

Incident History Powered by Atlassian Statuspage