1. Expel Support Center
  2. Connect your technology
  3. Network integrations

Guardicore setup for Workbench

  • Updated

This article explains how to connect Guardicore to Workbench.

In this article

Step 1: Enable console access

Having read-only access to the interface of your technology allows Expel to dig deeper during incident investigations. Our device health team uses this access to investigate potential health issues with your tech.

Note

Expel secures all login information our SOC analysts need about your devices in a MFA password product. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.

  1. Login to Guardicore Centra and navigate to Administration > User Management > Users and then click + Add User.

  2. Fill in the fields as follows:

    • For Username type Expel.

    • Leave the Email Address field blank.

    • The Description field is optional. You can leave it blank if you want.

    • For Permission Scheme select Administrator.

    • Create a Temporary Password.

      Caution

      Do NOT select "Enable 2-Step Verification."

      Do NOT select "Enable user to view passwords used in security incidents."

  3. Click Save.

  4. Login to Guardicore Centra using the user credentials you just created and set a new Password. Make a note of the new password for later use.

Step 2: Connect your technology with Workbench

Now that we have the correct access configured and noted the credentials, we can integrate your tech with Workbench.

  1. In a new browser tab, login to https://workbench.expel.io/settings/security-devices?setupIntegration=guardicore.

  2. Fill in these fields:

    mceclip3.png

    • For Name type Expel API Access.

    • For Location type the geographic location of the server (or "cloud" for cloud servers).

    • For Server type the server URL address.

    • For Username type the username you created in Step 1.

    • For Password type the new (not temporary) password you created in Step 1.

  3. Click Save.

You can see if the device is healthy on the Security Devices page. It may take a few minutes to see the device listed as healthy.

To check if alerts are coming through, navigate to the Alerts Analysis page. Scroll to the device you want to check and click View alerts. Switch to grid view, then check the list for device alerts. It can take 36 to 72 hours for alerts to appear after setup, as we tune your device.

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!

  • Was this article helpful?

  • 1 out of 1 found this helpful

Related articles