Vendor alerts are signals coming from the integrations you connected to Workbench. They take the form of alerts from security technologies such as endpoint detection and response (EDR) providers, next-gen firewalls (NGFW), or security information and event management (SIEM) systems. Vendor alerts can also include audit events produced by software Expel monitors, for example AssumeRole events from AWS CloudTrail or login events from Microsoft Entra ID.

Every vendor alert is associated with a specific security device in Workbench. Vendor alerts don’t have a status and we don’t assign them. Our detection engines evaluate vendor alerts and produce Expel alerts from those that rise to the level of requiring additional attention.