This article explains how to connect Palo Alto Networks SaaS Security to Workbench.
Step 1: Generate API credentials
This procedure creates an authentication that allows Workbench to access the Palo Alto Networks SaaS Security API.
-
In Palo Alto Networks SaaS Security API, select Settings > External Service.
-
Click Add Client App.
-
Type Expel for the API Client Name.
-
Authorize the Expel API client for these Scopes:
-
Log access
-
Incident management
-
Quarantine management
-
-
SaaS Security API shows a Client Secret. Write down the Client Secret and save it.
Note
You must have the Client Secret for the next step.
Step 2: Configure the technology in Workbench
Note
Expel secures all login information our SOC analysts need about your devices in a MFA password product. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.
-
In a new browser tab, log into https://workbench.expel.io.
-
On the console page, navigate to Settings and click Security Devices.
-
At the top right of the page, click Add Security Device.
-
Search for and select Palo Alto Networks SaaS Security.
-
For SIEM, select Expel Cloud.
-
Type the Server Name and Location.
-
For API ID, type Expel.
-
For API secret, type the secret generated in Step 1.
-
Select the SaaS Security server from the list.
-
-
You can provide console access now or set it up later. Use the instructions below to set it up later.
Comments
0 comments
Please sign in to leave a comment.