Expel
Expel is a Managed Detection and Response (MDR) security services provider that offer continuous monitoring, threat detection, and incident response services to help organizations protect themselves from cyber threats.
Creating an Expel connection
Using API Token
To create the connection you need:
- A Token
Obtaining the credentials
Log in to Workbench.
In the side menu, navigate to Organization Settings > Service Accounts. If you have multiple organizations, you must select the appropriate organization name from the list.
Select Add Service Account.
Name the Service account.
Select the appropriate role for this service account.
Admins can access all API calls, while analysts can perform non-administrative actions like completing investigations or sending remediation actions but cannot perform administrative tasks like adding context or users.
To enable read-only API access for the service account, select the Read-only Access checkbox.
In the new service account, select Generate API Key.
Only users with API access can view this page and generate API keys.
Enter a name for the API key, then select Next.
Copy the API key and save it to a safe place (this is the only time you can view your API key), then select Done.
Creating your connection
- In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
- Select the Expel icon. A dialog box with name of the connection and connection methods appear.
- (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
- Select API Token as the method to create the connection.
- Fill in the parameters:
- The Token
- (Optional) Click Test Connection to test it.
- Click Create connection. The new connection appears on the Connections page.