Creating an Expel connection

Using API Token

To create the connection you need:
  • A Token

Obtaining the credentials

  1. Log in to Workbench.
  2. In the side menu, navigate to Organization Settings > Service Accounts. If you have multiple organizations, you must select the appropriate organization name from the list.
  3. Select Add Service Account.
  4. Name the Service account.
  5. Select the appropriate role for this service account.
Admins can access all API calls, while analysts can perform non-administrative actions like completing investigations or sending remediation actions but cannot perform administrative tasks like adding context or users.
  1. To enable read-only API access for the service account, select the Read-only Access checkbox.
  2. In the new service account, select Generate API Key.
Only users with API access can view this page and generate API keys.
  1. Enter a name for the API key, then select Next.
  2. Copy the API key and save it to a safe place (this is the only time you can view your API key), then select Done.

Creating your connection

  1. In the Blink platform, navigate to the Connections page > Add connection. A New Connection dialog box opens displaying icons of external service providers available.
  2. Select the Expel icon. A dialog box with name of the connection and connection methods appear.
  3. (Optional) Edit the name of the connection. At a later stage you cannot edit the name.
  4. Select API Token as the method to create the connection.
  5. Fill in the parameters:
    • The Token
  6. (Optional) Click Test Connection to test it.
  7. Click Create connection. The new connection appears on the Connections page.