Tip
This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!
Step 1: Generate API credentials
This procedure creates an authentication that allows Workbench to access the Palo Alto Networks SaaS Security API.
-
In Palo Alto Networks SaaS Security API, select Settings > External Service.
-
Click Add Client App.
-
Type Expel for the API Client Name.
-
Authorize the Expel API client for these Scopes:
-
Log access
-
Incident management
-
Quarantine management
-
-
SaaS Security API shows a Client Secret. Write down the Client Secret and save it.
Note
You must have the Client Secret for the next step.
Step 2: Configure the technology in Workbench
-
In a new browser tab, log into https://workbench.expel.io.
-
On the console page, navigate to Settings and click Security Devices.
-
At the top right of the page, click Add Security Device.
-
Search for and select Palo Alto Networks SaaS Security.
-
For SIEM, select Expel Cloud.
-
Type the Server Name and Location.
-
For API ID, type Expel.
-
For API secret, type the secret generated in Step 1.
-
Select the SaaS Security server from the list.
-
-
You can provide console access now or set it up later. Use the instructions below to set it up later.
Comments
0 comments
Please sign in to leave a comment.