1. Expel Help Center
  2. Auto Remediations
  3. Get Started with Auto Remediations

Enable an Auto Remediation in Workbench

Expel offers a variety of auto remediations for specific devices. For more information and a list of available auto remediations, see About Auto Remediations. Auto remediations are configured by going to Organization Settings > My Organizations > Auto Remediations tab.

Prerequisites

  1. You must have an Expel Admin role in Workbench, as auto remediations are enabled at the organization level.
  2. You must meet all other prerequisites that are required for your specific device (additional prerequisites will be listed in the guides linked in Step 1 on this page).

Quick Links

Setup involves the following steps (select any step for detailed instructions):

  1. Prepare the Vendor Device(s)
  2. Enable the Auto Remediation in Workbench

Step 1: Prepare the Vendor Device(s)

The first step is to follow the setup guide for the specific auto remediation + device(s) you wish to enable. The guides show you how to set up the device properly on the vendor side in preparation for the auto remediation. 

Remember that the auto remediation will only work if you have first completed the associated device setup guide(s).

Before You Begin

  1. Make sure to follow the setup guide that is specific to your auto remediation, as device setup instructions are unique to each auto remediation.
  2. Know that you may need to complete more than one device setup guide. For example:
    • If you have more than one device that will have an auto remediation enabled, you will need to complete a setup guide for each device.
      Example: To enable Auto Disable Account for both GitHub and Google Workspace, you will need to complete both the GitHub Auto Disable Account and Google Workspace: Auto Disable Account setup guides.
    • If you wish to enable more than one auto remediation on a particular device, you will need to complete more than one setup guide for that device. 
      Example: To enable both Auto Disable Account and Reset Credentials for Office 365, you will need to complete both the Office 365: Auto Disable Account and Office 365: Reset Credentials setup guides.
  1. Remember that auto remediations are not yet available for all devices; if a device setup guide does not exist for a particular auto remediation, that auto remediation cannot be enabled for the device.

Locate And Complete Your Setup Guide(s)

  1. Go to the list of auto remediations setup guides in the Help Center and select the setup guide(s) for the auto remediation + device(s) you wish to set up.
  2. Follow all steps in each setup guide.
  3. Return to this page and continue to the Step 2 section to finish the setup process.

Step 2: Enable the Auto Remediation in Workbench

Next, you will enable the auto remediation in Workbench and specify your preferred device(s). 

  1. Log in to Workbench.
  2. In the side menu, navigate to Organization Settings > My Organizations
    • If you have multiple organizations, you must also select the appropriate organization name from the list.
  3. Scroll down and select the Auto Remediations tab.
  4. Locate the auto remediation you wish to enable and hover over it, then select the pencil icon to edit it.
  5. In the Step 1 section:
    • You should have already completed this step by using the guides linked in Step 1 above. 
    • If not, follow the instructions in your setup guide(s) and return to this section to complete the remaining steps.
  6. In the Step 2 section:
    • Choose the specific device(s) you would like this auto remediation to apply to (you may choose multiple devices).
    • The SOC analysts will only run this auto remediation on the device(s) you set as preferred, so be sure to check your selections carefully.
    • If applicable, review the setup and note additional permissions required before opting in to manual fallback for eligible auto remediations. Manual fallback is available for customers with Pro Support or MDR Premium Pro tier. With manual fallback enabled, in the event that an automated action fails and Expel has console access, our SOC will attempt to manually perform remediation. 

Note

Your choices apply to this auto remediation only; you may choose other preferred devices for other auto remediations. The devices shown in the dropdown menu will vary based upon what you have configured in Workbench and which auto remediation you are enabling.

  1. In the Step 3 section:
    • Create an allow or deny list (optional; varies by auto remediation) by utilizing context labels. If you do not wish to create a deny list, continue to the next step.
    • If you need to edit the existing context labels in some way, contact support for assistance.
  2. In the Step 4 section: 
    • Use the link to review Expel’s terms and conditions.
    • Select the Enable checkbox.
  3. Select Save.
  4. Repeat all of these steps to configure additional auto remediations.
    • Make sure you have set up your devices as instructed in Step 1 before enabling additional auto remediations in Workbench.

The auto remediation is now enabled and active. If we are unable to complete an auto remediation and you do not have manual fallback configured, the action will be assigned to you for completion as a manual remediation in Workbench. If you have manual fallback configured, we will first attempt the action manually. If we are unable to complete the action via the security device console, the action will be assigned to you with an explanation of why we could not complete it ourselves.

Related articles