Skip to main content
 

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!

Step 1: Generate API credentials

This procedure creates an authentication that allows Expel to access the Palo Alto Networks SaaS Security API.

  1. In Palo Alto Networks SaaS Security API, select Settings > External Service.

  2. Click Add Client App.

  3. Type Expel for the API Client Name.

  4. Authorize the Expel API client for these Scopes:

    • Log access

    • Incident management

    • Quarantine management

  5. SaaS Security API shows a Client Secret. Write down the Client Secret and save it.

    mceclip1.png

    Note

    You must have the Client Secret for the next step.

Step 2: Configure the technology in Workbench

  1. In a new browser tab, log into https://workbench.expel.io.

  2. On the console page, navigate to Settings and click Security Devices.

  3. At the top right of the page, click Add Security Device.

    Button_Add_security_Device.png
  4. Search for and select Palo Alto Networks SaaS Security.

  5. For SIEM, select Expel Cloud.

    mceclip2.png
    • Type the Server Name and Location.

    • For API ID, type Expel.

    • For API secret, type the secret generated in Step 1.