Script: Export Expel Alerts with Evidence Fields
See the example script Export Expel Alert Evidence. This script writes a CSV containing the alert timestamp, Expel alert name, vendor name, and associated evidence fields.
Script: Poll for new Incidents
See the example script Poll For New Incidents. This script will poll Expel Workbench for any incidents created in the past five minutes.
Script: Sync to JIRA
See the example script Jira Sync. This script will sync the following to JIRA from Expel Workbench:
- Investigative Actions details and outcome as sub-tasks
- Investigation description, lead alert
- Investigative comments
- Incident findings
- Investigation status closed/opened
Script: Poll unhealthy devices
See the example script Poll For Unhealthy Devices. This script will poll Expel Workbench for any devices marked unhealthy in the past five minutes.
Script: Poll for investigation / incident changes
See the example script Poll For Investigation / Incident updates. This script will poll Expel Workbench for any updates to investigations or incidents in the past five minutes.