Vendor alerts are the Expel-normalized representation of signal coming from the integrations you connected to Workbench. This signal takes the form of alerts from security technologies such as endpoint detection and response (EDR) providers, next-gen firewalls (NGFW), or security information and event management (SIEM) systems. Vendor alerts can also include audit events produced by software Expel monitors, for example AssumeRole events from AWS CloudTrail or login events from Microsoft Azure AD.
Every vendor alert is associated with a specific security device in Workbench. Vendor alerts don’t have a status and we don’t assign them. Our detection engines evaluate vendor alerts to produce Expel alerts if they rise to the level of requiring additional attention.