What's counted in your Expel usage

Nodes

Nodes

The number of nodes across all clusters.

Users

User count

The number of users that are not pending deletion in the organization's DUO account.

Note: We filter for users where the account status is not "pending deletion". See DUO admin users API.

Users

User count

The number of users that are not marked deleted in the organization's Google Workspace account.

Note: We filter for users that are not deleted by setting showDeleted as false. See Google workspace users list API.

Users

User count

The number of users that can sign in.

Note: We filter for users where the field accountEnabled is true. See Microsoft user properties.

Users

User count

The number of active users in the organization's Okta account.

Note: We filter for users where the account status is not deprovisioned (deactivated). See Okta user statuses.

Users

User count

The number of activated users in the organization's Onelogin account.

Note: We filter for users where status is not 0 (unactivated). See Onelogin user resource.

EC2

Compute

The number of running AWS EC2 instances for this account. This includes EC2 instances created by other AWS services, for example, Elastic Kubernetes Service (EKS).

Lambda

Compute

The number of unique lambdas for this account. This count is grouped by account, region, and lambda name.

Note: We're treating lambdas with the same name but different regions or accounts as separate lambdas because there can be differences in the security configurations and access to services in each region or account.

S3

Storage

The number of S3 buckets for this account.

RDS

Storage

The number of provisioned RDS instances for this account.

Virtual machines

Compute

The number of virtual machines and virtual machine scale sets in this Azure subscription.

Sites

Storage

The number of static sites in this Azure subscription.

Storage accounts

Storage

The number of storage accounts and compute disks for this Azure subscription.

SQL servers

Storage

The number of SQL virtual machines, SQL servers, and SQL databases in this Azure subscription.

Functions and App Services

Compute

The number of Functions and App Service Apps in this subscription.

App Engine

Compute

The number of App Engine applications in all projects.

Cloud function

Compute

The number of unique cloud functions when grouped by project ID, region, and function name.

Note: We're grouping functions with the same name that may be in a different region or account because there can be differences in the security configurations and access to services.

Compute instance

Compute

The number of compute instances in all projects and regions.

SQL admin

Storage

The number of Cloud SQL instances in all projects.

Storage

Storage

The number of Cloud Storage buckets in all projects.

On-prem resources

Endpoint

The number of hosts with a null Service Provider in CrowdStrike.

Machines

Endpoint

The number of endpoints that have been last seen within 30 days.

Note: We filter for machines where the onboardingStatus is “onboarded”. See machine resources API.

Endpoints

Endpoint

The number of endpoints that have been last seen within 30 days.

Agents

Endpoint

The number of agents that don't have a Cloud Provider of AWS, CDP, or Azure in SentinelOne. The number of endpoints that have been last seen within 30 days.

Sensors

Endpoint

The number of endpoints that have been last seen within 30 days.