Expel status is Operational

Tue 17
Wed 18
Thu 19
Fri 20
Sat 21
Sun 22
Mon 23
now
Ticketing systems (via email, such as Jira)
Tue 17
Wed 18
Thu 19
Fri 20
Sat 21
Sun 22
Mon 23
now

Expel Assembler connectivity

Tue 17
Wed 18
Thu 19
Fri 20
Sat 21
Sun 22
Mon 23
now

Expel Alert ingestion

Tue 17
Wed 18
Thu 19
Fri 20
Sat 21
Sun 22
Mon 23
now

Expel Phishing submissions

Tue 17
Wed 18
Thu 19
Fri 20
Sat 21
Sun 22
Mon 23
now
Last updated 1 minute ago from official status page. Learn more
Stay ahead of Expel outages
Sign up to create a custom dashboard to monitor the services you rely on. 3,000+ services supported.

Active Incidents

Service Update: Wiz Alert Status Syncing
Started 11 Jun 2025 17:13:10 (13 days ago), still ongoing
Minor Incident
Identified
Ticketing systems (via email, such as Jira)

On May 19, Wiz made a change to its API that impacted Expel’s ability to sync alert statuses from Workbench back to Wiz. As a result, we have temporarily disabled the status syncing feature while we work on a fix.

Importantly, this issue does not affect Expel’s ability to deliver MDR services for Wiz. Workbench continues to ingest alerts from Wiz as expected, and our SOC is actively monitoring and responding to those alerts.

We’re actively collaborating with Wiz to update the integration and restore status syncing functionality. While we don’t have a specific timeline to share yet, we’ll provide an update as soon as the fix is deployed and syncing is re-enabled.

Thank you for your understanding.

Stopped Ingesting Microsoft Defender for Identity
Started 28 Apr 2025 14:34:29 (2 months ago), still ongoing
Minor Incident
Monitoring
Alert ingestion

As part of a previously communicated Microsoft deprecation, Expel is no longer ingesting Microsoft Defender for Identity alerts (via the Microsoft Defender for Cloud Apps integration). Any customers who have onboarded a Microsoft Defender XDR device have coverage and alerts are being processed.

We recommend that customers who have the Microsoft Defender for Cloud Apps integration, but have not yet onboarded Microsoft XDR to Workbench, complete the onboarding as soon as possible (https://support.expel.io/hc/en-us/articles/38928860545299-Microsoft-Defender-XDR-Setup-for-Workbench).

Please contact your Customer Success Manager if you need assistance with onboarding or if you have additional questions.

Expel Office 365 Phishing button
Started 17 Mar 2025 14:03:35 (3 months ago), still ongoing
Minor Incident
Identified
Phishing submissions

Microsoft is rolling out deprecation of legacy Exchange tokens that may prevent your users from being able to report emails using the Expel custom Office 365 Phishing button.

Expel is working on development and testing of an updated Expel O365/M365 Phishing button for web and desktop applications that will work with the NAA authentication scheme.

Until Expel is able to deploy the newly developed Phishing button, you should follow the instructions from Microsoft (https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/turn-exchange-tokens-on-off) to enable legacy tokens for your tenant. It can take up to 24 hours for this change to take effect.

Contact support if you need assistance with this process.

Recently Resolved Incidents

Alert ingestion via assemblers delayed
Started 23 Jun 2025 09:51:38 (23 hours ago), resolved 23 Jun 2025 20:04:36 (13 hours ago)
Minor Incident
Resolved
Assembler connectivity
Alert ingestion

At approximately 4am EDT, we began experiencing a problem with our assembler VPN system that is preventing alerts from being ingested through assemblers. Alert ingestion is delayed for some devices behind an assembler. We will provide an update by 6:30am EDT.

Expel Outage Survival Guide

A step-by-step guide to help you survive a Expel outage
NaN%

    Expel Components

    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now

    Expel Workbench availability

    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now
    Workbench global network connectivity
    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now
    Workbench login
    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now

    Expel Workbench features

    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now
    Investigative actions
    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now
    File uploads
    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now

    Expel Notifications

    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now
    Email
    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now
    Slack
    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now
    Teams
    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now
    Ticketing systems (via email, such as Jira)
    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now
    Service Update: Wiz Alert Status Syncing
    Started 11 Jun 2025 17:13:10 (13 days ago), still ongoing
    Minor Incident
    Identified
    Ticketing systems (via email, such as Jira)

    On May 19, Wiz made a change to its API that impacted Expel’s ability to sync alert statuses from Workbench back to Wiz. As a result, we have temporarily disabled the status syncing feature while we work on a fix.

    Importantly, this issue does not affect Expel’s ability to deliver MDR services for Wiz. Workbench continues to ingest alerts from Wiz as expected, and our SOC is actively monitoring and responding to those alerts.

    We’re actively collaborating with Wiz to update the integration and restore status syncing functionality. While we don’t have a specific timeline to share yet, we’ll provide an update as soon as the fix is deployed and syncing is re-enabled.

    Thank you for your understanding.

    PagerDuty
    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now
    Opsgenie
    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now
    ServiceNow
    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now

    Expel Assembler connectivity

    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now
    Alert ingestion via assemblers delayed
    Started 23 Jun 2025 09:51:38 (23 hours ago), resolved 23 Jun 2025 20:04:36 (13 hours ago)
    Minor Incident
    Resolved
    Assembler connectivity
    Alert ingestion

    At approximately 4am EDT, we began experiencing a problem with our assembler VPN system that is preventing alerts from being ingested through assemblers. Alert ingestion is delayed for some devices behind an assembler. We will provide an update by 6:30am EDT.

    Expel Alert ingestion

    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now
    Stopped Ingesting Microsoft Defender for Identity
    Started 28 Apr 2025 14:34:29 (2 months ago), still ongoing
    Minor Incident
    Monitoring
    Alert ingestion

    As part of a previously communicated Microsoft deprecation, Expel is no longer ingesting Microsoft Defender for Identity alerts (via the Microsoft Defender for Cloud Apps integration). Any customers who have onboarded a Microsoft Defender XDR device have coverage and alerts are being processed.

    We recommend that customers who have the Microsoft Defender for Cloud Apps integration, but have not yet onboarded Microsoft XDR to Workbench, complete the onboarding as soon as possible (https://support.expel.io/hc/en-us/articles/38928860545299-Microsoft-Defender-XDR-Setup-for-Workbench).

    Please contact your Customer Success Manager if you need assistance with onboarding or if you have additional questions.

    Alert ingestion via assemblers delayed
    Started 23 Jun 2025 09:51:38 (23 hours ago), resolved 23 Jun 2025 20:04:36 (13 hours ago)
    Minor Incident
    Resolved
    Assembler connectivity
    Alert ingestion

    At approximately 4am EDT, we began experiencing a problem with our assembler VPN system that is preventing alerts from being ingested through assemblers. Alert ingestion is delayed for some devices behind an assembler. We will provide an update by 6:30am EDT.

    Expel Slack channels for customers

    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now

    Expel Phishing submissions

    Tue 17
    Wed 18
    Thu 19
    Fri 20
    Sat 21
    Sun 22
    Mon 23
    now
    Expel Office 365 Phishing button
    Started 17 Mar 2025 14:03:35 (3 months ago), still ongoing
    Minor Incident
    Identified
    Phishing submissions

    Microsoft is rolling out deprecation of legacy Exchange tokens that may prevent your users from being able to report emails using the Expel custom Office 365 Phishing button.

    Expel is working on development and testing of an updated Expel O365/M365 Phishing button for web and desktop applications that will work with the NAA authentication scheme.

    Until Expel is able to deploy the newly developed Phishing button, you should follow the instructions from Microsoft (https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/turn-exchange-tokens-on-off) to enable legacy tokens for your tenant. It can take up to 24 hours for this change to take effect.

    Contact support if you need assistance with this process.