Expel History Tab Improvements
Responsibilities:
Research & interviews; information architecture; mockups & interactive prototypes; usability testing; presenting to internal teams for feedback; working with developers on final styles; etc.
Timeline:
1 week initial research
7 weeks design/iteration
Other Contributors:
Jasper Tom (UX collaborator representing the SOC); Patrick Duffy (Product Manager); Daren McCulley (Engineering Manager)
For my second project at Expel, we tackled improvements to the History tab that shows up on alerts, investigations, and incidents. Prior research by fellow UXer Jasper Tom uncovered some negative sentiment from our Security Operations Center (SOC) analysts on the existing feature. Some key quotes included “the history tab can get a little claustrophobic”; “it’s kind of like its own language”; and “it’s confusing and weird.” We heard from Engagement Managers that customers were not using it nearly enough, or if they were, they were unhappy with the level of data provided. For a company that prides itself on transparency, this was a page where we had a lot of room to improve.
I started this project by digging deep into the existing feature and pulling many real-life examples, interviewing some of our EMs, and reviewing previous research that was related to the History tab. My key takeaways included the page feeling hard to skim and having lots of repetition, passive language adding to mental load, links taking a user to a separate page and causing them to fully lose their place, and an overall lack of data around actions performed by our SOC analysts. I then began gathering inspiration and putting together mockups. I created an interactive prototype that we used for usability testing.
While this project had a visual refresh element, it was much more focused on data and information architecture.
One of the first things I tackled was to propose a new format for the existing data that used active language rather than passive language. I also looked into where things could be consolidated - for example, if an analyst closed three investigative actions at once, we could consolidate those into one dot on the timeline and avoid repetitive explanations. There was also a good chunk of data missing in terms of actions that our SOC analysts were performing while investigating something in the customer’s environment. A huge piece of this project for the engineers was capturing those actions, and I worked closely with Jasper, the UX designer embedded on the Analyst Experience team, to ensure that we were formatting those actions properly.
Allowing users to stay on the page when clicking on relevant links kept them from losing context.
The timeline on the history page could get pretty long, and the existing feature had links that would take the user away from the page, causing them to lose their spot. I introduced a drawer with the relevant information so that they could see more details for a timeline entry without having to leave and come back. This received a lot of positive feedback from customers and internal users alike.
This feature went early access at the beginning of November, 2023, and went full GA at the end of that same month. Comparing the six months before the updates to the six months after the updates, the history tab account adoption rate went up by 4%. There were some suggestions that came out of usability testing that were unfortunately deprioritized - including renaming the feature from “history” to “timeline,” allowing users to filter & sort the data, and finding a better way to differentiate multiple alerts within one investigation or incident. I believe those changes may have improved adoption of this feature even more than what we saw, which was a modest increase in usage.
Feedback
On the feature:
“The fact that that blade comes right over is perfect - that we don’t have to be leaving this page and coming back.” - Expel customer (IT Manager of Incident Response)
“I’m really happy to see that you’re putting in more detail as far as the investigation goes” - Expel customer (Senior Information Security Analyst)
“‘Fire on top of fire’ for that feature is an understatement.” - Expel Engagement Manager
On my work:
“Massive, huge, amazing job by Maddy in wrangling a lot of complexity to make it a lot easier for customers to understand and appreciate the work and expertise being applied to everything our SOC touches on their behalf.” - Expel Product Manager