This guide helps you identify system-generated notification messages from Expel that appear in Microsoft Teams. We show you the information the messages contain, how to respond to Expel through Microsoft Teams, how to know whether or not your message is received, and what to do about it.
Expel security monitoring tracks many moving parts at the same time. Many events, such as a security device going offline or an investigation being opened, trigger an immediate notification message. The notification can arrive in one or more ways: email, ticket, Slack, and so on. If you'd like to know more about your options for how your organization receives notification messages from Expel, you can read the Notification systems article.
In this case, your organization uses Microsoft Teams, so the message arrives in a Microsoft Teams channel. If you'd like to know more detail about how Expel communicates with your organization's Microsoft Teams instance, you can read the Microsoft Teams integration guide.
Your organization shared a Microsoft Teams channel with Expel. Notification messages from Expel appear in this channel. If you're not sure which channel that is, speak with your internal Microsoft Teams administrator.
The easiest way to identify an Expel notification message is by the sender. Our notifications are delivered by Ruxie, our trusty messaging bot, so the sender is always “Ruxie.”
Here is a sample Expel notification message sent to a Microsoft Teams channel. A few things you should know about are highlighted:
This is the Tracking number. Very important.
This is the reason for the message.
This is what we want you to do.
This is how to reply to us.
Do NOT click Reply in this message if you want Expel to see your comments.
An Expel notification message is a one-way conversation in Microsoft Teams. If you try to reply to it, the message is not received by Expel. To respond to a notification message through Microsoft Teams:
Click New conversation.
Copy and paste the Tracking Number from the original message.
Add your comments.
Here's a sample Microsoft Teams conversation related to the notification message. A few important points are highlighted:
When you include a Tracking Number, SOC analysts can quickly access all the pertinent information, which helps them get you the answers you need that much faster.
The sender of our response is “Mio” as that's our Microsoft Teams communication app.
This is the SOC analysts response.
Now you can click Reply and continue the conversation with Expel.
After you start a new Microsoft Teams conversation, feel free to thread the message, and one of our SOC analysts continues to be in touch.
Let's say that you tried to reply directly to a notification message and you're waiting for a response from Expel. Or, for that matter, let's say that you did start a new Microsoft Teams conversation in the channel shared with Expel, and you're waiting to hear back from us.
Tick, tock. Tick, tock. Nothing. For some reason, we're not responding.
What should you do?
First of all, you should be aware that Expel operates 24/7. Our SOC analysts are always watching for security alerts and watching for messages from our customers. We respond to customer messages immediately, if not sooner.
So, if you send us a message and haven't heard back within 10-20 minutes, try sending the message a second time (if it's not urgent) or contact your engagement manager or submit a support ticket.
You can find the engagement manager contact information on the Settings > My Organization > Organization Settings page on the right side of the screen.
To submit a support ticket, log into Expel Workbench, click your initials in the upper right corner, and then click Submit a ticket in Zendesk.