Step 1: Enable API Access for Expel
To integrate the technology with Expel, we need an enterprise admin on hand with access to Developer Console and Admin Console to build and authorize a "Custom App". If you're unsure, reach out to your Expel Customer Success Engineer or email email@example.com.
- Sign in to your Developer Console.
- Select Create New App.
- Select Server Authentication (Client Credentials Grant).
- Name your custom app Expel App and click Create App.
- Click Fetch Client Secret and make note of Client ID, and Client Secret, as you only see it 1 time.
- Select the app access level as App + Enterprise Access.
- Select the following application scopes:
- Read all files and folders stored in Box.
- Manage enterprise properties.
- On the Authorization tab, Review and Submit the app for authorization.
- The app status now reads Pending Authorization.
- Authorize the app through email or sign in to your Admin Console and click Apps from the top left side of the page.
- Under Custom Apps, find the app that was submitted and select Authorize App.
- Navigate to Account & Billing from the top left side of the page and take note of your Enterprise ID.
Step 2: Configure the technology in Workbench
Now that we have the correct access configured and noted the credentials, we can integrate Box with Expel.
- Log into https://workbench.expel.io.
- Navigate to Settings > Security Devices.
- At the top right of the page, select Add New Device.
- Search for and select Box.
- Select Expel Direct Cloud Service for the SIEM.
- Complete all fields using the credentials and information you collected in Step 1.
- Click Save.
After a few minutes, refresh the Security Devices page and you see your device status reporting as Healthy, or if there is an issue, you see details of what the issue may be.
To check if alerts are coming through, navigate to Alerts on the console page. Click the icon in the upper right to switch to grid view, then check the list for device alerts.