Expel has out-of-the-box integrations with many cloud, endpoint, SaaS, network, and SIEM technologies. This article lists direct and indirect integrations currently in progress, as well as completed integrations. Those not listed as direct require either sending logs to one of our supported SIEMs or network technologies. We also include a list of technologies we can use for hunting.
Note on Limited Availability: New integrations go through a period of Limited Availability before being made generally available.
In progress |
||
|---|---|---|
| Vendor technology | Version/product type | Target date |
| ObserveIT | UEBA | September 2021 |
| CyberArk | Endpoint | September 2021 |
| Netskope CASB | Network | September 2021 |
| Cybereason | Endpoint | October 2021 |
| Datadog | SIEM | October 2021 |
Cloud Infrastructure |
|
|---|---|
| Vendor technology | Security signal |
| Amazon Web Services (AWS) |
|
| Microsoft Azure |
|
| Google Cloud Platform |
|
| Lacework (Limited availability) |  AWS Workload Events |
| Prisma Cloud Compute (Limited availability) | Audit Events |
Endpoint |
Integration type |
|
|---|---|---|
| Vendor Technology | Direct | Via SIEM |
| VMware Carbon Black EDR | |
— |
| VMware Carbon Black Cloud | |
— |
|
Check Point - AV, Anti-Bot, SandBlast Agent (Limited availability) |
— | Sumo Logic |
|
Cisco AMP |
|
— |
|
CrowdStrike Falcon |
|
— |
|
CylancePROTECT AV |
|
— |
|
Elastic Endpoint Security (formerly Endgame) |
|
— |
|
FireEye HX |
|
— |
|
Microsoft Defender for Endpoint |
|
— |
|
Palo Alto Network Cortex XDR Pro |
|
— |
|
SentinelOne |
|
— |
|
Symantec Endpoint Protection |
— | Exabeam Data Lake Splunk Sumo Logic |
|
Tanium Core |
|
— |
|
Wazuh (Limited availability) |
|
— |
Network |
Integration type |
|
|---|---|---|
| Vendor Technology | Direct | Via SIEM |
|
Attivo BOTSink |
— | Splunk Sumo Logic |
|
Cisco ASA (Limited availability) |
— | Splunk Sumo Logic |
|
Cisco FirePower |
— | Splunk Sumo Logic |
|
Cisco Meraki |
— | Splunk Sumo Logic |
|
Cisco Umbrella |
|
— |
|
DarkTrace |
|
— |
|
Forcepoint Web Filter |
— | Exabeam |
|
Fortinet FortiGate |
— |
|
|
iBoss (Limited availability) |
— | Splunk |
|
McAfee IDS (Limited availability) |
— | Exabeam Data Lake |
|
Palo Alto Firewall |
|
— |
|
Palo Alto Networks Prisma Access |
|
— |
|
ProtectWise |
|
— |
|
Signal Sciences WAF |
|
— |
|
Zscaler1 |
— |
|
1 Requires the Nanolog Streaming Service (NSS), a virtual machine that must be hosted by the customer. Zscaler requires customers to use NSS to transport data from the customer’s Zscaler instance to a SIEM.
SIEM |
Type of support |
|
|---|---|---|
| Vendor Technology | Investigative source* | Detection source** |
|
Azure Log Analytics |
|
— |
|
DEVO |
|
— |
|
Elastic (Limited availability) |
|
|
|
Exabeam Advanced Analytics (UBA) |
|
|
|
Exabeam Data Lake |
|
— |
|
IBM QRadar |
|
|
|
IBM QRadar on Cloud (QRoC) |
|
|
|
Microsoft Azure Sentinel |
|
|
|
Securonix (Limited availability) |
|
|
|
Sumo Logic Cloud SIEM Enterprise |
|
|
|
Sumo Logic Enterprise |
|
— |
|
Splunk Core |
|
— |
|
Splunk Enterprise Security |
|
|
|
Varonis (UEBA) - (Limited availability) |
|
|
|
Wazuh (Limited availability) |
|
|
* Expel can query this SIEM to get more information to support the investigations of alerts coming from other sources.
** This SIEM generates alerts that Expel can use to add detection value.
S
SaaS apps |
Integration type |
|
|---|---|---|
| Vendor Technology | Direct | Via SIEM |
|
Box (Limited availability) |
|
— |
|
Dropbox |
|
— |
|
Duo |
|
— |
|
GitHub |
|
— |
|
G Suite |
|
— |
| Microsoft Azure AD | |
— |
| Microsoft Cloud Application Security (includes Defender for Identity) | |
— |
| Microsoft Office 365 (includes Azure AD) | |
— |
|
Okta |
|
— |
|
OneLogin |
|
— |
| SaaS Security formerly Prisma SaaS (Limited availability) | |
— |
Hunting |
Availability |
|
|---|---|---|
Endpoint |
||
|
Vendor Technology |
Yes |
Via SIEM |
|
VMware Carbon Black EDR |
|
|
|
VMware Carbon Black Cloud |
|
|
|
CrowdStrike Falcon |
|
|
|
Elastic Endpoint Security (formerly Endgame) |
|
|
Cloud Infrastructure |
||
|
Vendor Technology |
Yes |
Via SIEM |
|
Amazon Web Services (AWS) |
|
|
| Azure | |
|
Network |
||
|
Vendor Technology |
Yes |
Via SIEM |
|
Cisco ASA VPN |
|
|
|
Palo Alto Networks |
|
|
SaaS apps |
||
|
Vendor Technology |
Yes |
Via SIEM |
|
Duo |
|
|
|
G Suite |
|
|
|
Microsoft Office 365 |
|
|
|
Okta |
|
|
|
OneLogin |
|
|
Comments
0 comments
Please sign in to leave a comment.