As you connect your devices to Workbench, you grant Workbench access to those devices through permissions configured on the devices themselves. These permissions vary from one device technology to another, but we typically need at least Read access to pull logs from those devices into Workbench.
Without minimum permissions to your devices, the SOC analysts have limited insight into your technology. This can mean they surface more benign alerts to your team for further investigation, which increases your team's workload and leads to alert fatigue.
If you grant Read access to your devices, we can investigate the device and the logs more deeply and surface relevant alerts to you in Workbench. Allowing Expel visibility into the console of your security devices helps our SOC analysts make better decisions on whether an alert is benign or malicious. It also allows our SOC analysts to perform health checks to make sure Workbench is not missing alerts from your security devices. Depending on what your organization purchased from Expel, the SOC analysts may even be able to contain and/or remediate the issues on your behalf.
Ultimately, the more permissions you can grant Workbench, the better and faster the SOC analysts can find and investigate alerts in your environment.