Now that you have your device connected, here is a simple way to see Expel in action in your environment.

Create a new Azure Automation Account with name expeltestautomation

Want to see what Expel does after we detect something that we can tell on our own is probably malicious?

Create an Azure Automation Account named expeltestautomation, and we produce an incident as if this were a malicious activity. You don’t have to do anything in the automation account.

Of course, there’s nothing inherently malicious in creating an automation account. This is just an easy way to simulate how Expel responds to actual malicious events.

Go ahead and try it out!

  1. Go to the Azure portal.

  2. From the top menu, select + Create a resource.

  3. Under Categories, select IT & Management Tools, and then select Automation.

  4. Click Create.

  5. Select a Subscription and Resource Group.

  6. Type the Automation account name expeltestautomation.

  7. Select a Region.

  8. Click Review + Create, then Create.

    Within 10-15 minutes, you get an email from with the subject Findings ready for review.

  9. Click the link in that notification to see the kind of findings report we produce!


You can delete the automation account immediately after creating it.