Now that you have your device connected, here's a way to see Expel in action in your environment.

Create a new project with project ID starting with expeltestproject

Want to see what Expel does after we detect something that we can tell on our own is probably malicious?

Create a project whose ID starts with expeltestproject, and we produce an incident as if this were a malicious activity. You don’t have to put anything in the project.

Of course there’s nothing inherently malicious in creating a GCP project; this is just an easy way to simulate how Expel responds to actual malicious events.

Go ahead and try it out!

  1. Go to the GCP Cloud Resource Manager.

  2. Click Create Project.

  3. Give the project an ID that starts with expeltestproject. Project names in GCP must be globally unique, so try something like expeltestproject-x8yf92f, but vary the characters at the end, as that one’s already used!

  4. Fill in the billing account, organization, and a location that makes sense.

  5. Click Create.

    Within 10-15 minutes, you get an email from with the subject Findings ready for review.

  6. Click the link in that notification to see the kind of findings report we produce!


You can shut down the project immediately after creating it.