This article explains how to connect Network Detection and Response to Workbench.
Step 1: Enable console access
This procedure creates a user account for Expel that keeps Expel activity separate from other activity on the Network Detection and Response console.
-
Settings > User Management > Add User.
-
For First Name type Expel.
-
For Last Name type SOC.
-
For Email type soc+<Your_Organization_Name>@expel.io.
Note
Yes, the "+" sign is part of the email address, and it's important. Click here to find out why. -
Type a Password.
-
Select Admin as the role.
Step 2: Enable API access for Expel
This procedure creates an authentication token that allows access to the Network Detection and Response API.
Create the API token for the ‘soc+<Your Organization Name>@expel.io’ Account
Reference: https://api.protectwise.com/momfodhxhz/getting_started.html
-
Make a POST request to https://api.protectwise.com/api/v1/token
{ "email": "john.doe@protectwise.com", "password": "MyPassword!" }
-
You receive a response with your token.
{ "token": "john.doe@protectwise.com@@a45ec285-22d2-48af-b75c-9688f71a9eac" }
For example
curl -H "Content-Type: application/json" -d '{"email":"john.doe@protectwise.com","password":"MyPassword!"}' https://api.protectwise.com/api/v1/token
Make note of the token used next for registration within Workbench.
Step 3: Configure Network Detection and Response in Workbench
-
In a new browser tab, log in to https://workbench.expel.io.
-
On the console page, navigate to Settings and click Security Devices.
-
At the top right of the page, click Add Security Device.
-
Search for and select Network Detection and Response.
-
For Name type the host name of the Network Detection and Response device.
-
For Location type the geographic location of the appliance.
-
For Token type the generated in step 2.
-
-
You can provide console access now or set it up later. Use the instructions below to set it up later.