Now that you have your device connected, here's a way to see Expel in action in your environment.
Create a new project with project ID starting with expeltestproject
Want to see what Expel does after we detect something that we can tell on our own is probably malicious?
Create a project whose ID starts with expeltestproject, and we produce an incident as if this were a malicious activity. You don’t have to put anything in the project.
Of course there’s nothing inherently malicious in creating a GCP project; this is just an easy way to simulate how Expel responds to actual malicious events.
Go ahead and try it out!
-
Go to the GCP Cloud Resource Manager.
-
Click Create Project.
-
Give the project an ID that starts with expeltestproject. Project names in GCP must be globally unique, so try something like expeltestproject-x8yf92f, but vary the characters at the end, as that one’s already used!
-
Fill in the billing account, organization, and a location that makes sense.
-
Click Create.
Within 10-15 minutes, you get an email from soc@expel.io with the subject Findings ready for review.
-
Click the link in that notification to see the kind of findings report we produce!
Tip
You can shut down the project immediately after creating it.