Script: Export Expel Alerts with Evidence Fields¶
See the example script Export Expel Alert Evidence. This script will write a CSV containing timestamp of alert, expel alert name, vendor name, and associated evidence fields.
Script: Poll for new Incidents¶
See the example script Poll For New Incidents. This script will poll Expel Workbench for any incidents created in the past five minutes.
Script: Sync to JIRA¶
See the example script Jira Sync. This script will sync the following to JIRA from Expel Workbench:
- Investigative Actions details and outcome as sub tasks
- Investigation description, lead alert
- Investigative comments
- Incident findings
- Investigation status closed/opened
Script: Poll unhealthy devices¶
See the example script Poll For Unhealthy Devices. This script will poll Expel Workbench for any devices marked unhealthy in the past five minutes.
Script: Poll for investigation / incident changes¶
See the example script Poll For Investigaiton / Incident updates. This script will poll Expel Workbench for any updates to investigations or incidents in the past five minutes.
Script: Pretty Print Lead Expel Alert Evidence¶
See the example script Pretty Print Lead Expel Alert Evidence. This script will pretty print the Expel Alert details along with all correlated vendor evidences.