After your device is connected, you can perform a test to see Expel in action in your environment.
Create an Azure Automation Account named expeltestautomation
, and we'll produce an incident as if this were malicious activity. You don’t have to do anything in the automation account.
There's nothing inherently malicious in creating an automation account; this is just an easy way to simulate how Expel responds to actual malicious events.
To create a test alert:
-
Log in to the Azure portal.
-
From the top menu, select + Create a resource.
-
Under Categories, select IT & Management Tools, and then select Automation.
-
Select Create.
-
Select a Subscription and Resource Group.
-
Type the Automation account name
expeltestautomation
. -
Select a Region.
-
Select Review + Create, then Create.
Within 10-15 minutes, you get an email from soc@expel.io with the subject line "Findings ready for review".
-
Select the link in that notification to see the findings report.
Note
You can delete the automation account immediately after creating it.