This table lists the various reasons Expel sends out a notification message and explains what the message is all about.
If you are unsure how to read or respond to a notification message, contact support.
| Event | Action taken | Definition |
|---|---|---|
|
Incident |
is created |
Malicious activity was identified and we are looking into it. Stay tuned for remediation actions. |
|
Incident |
is closed |
The malicious activity we found is resolved. |
|
Incident |
is downgraded |
Malicious activity was de-escalated to an investigation. |
|
Incident |
is assigned to my org |
We are done investigating this activity and are assigning it to you to close out any remaining to-do items. |
|
Investigation |
is created |
Additional information is needed and we are looking into it. |
|
Investigation |
is closed |
Additional information was gathered and a conclusion was made. |
|
Investigation |
has an alert added |
We've identified additional alerts related to this investigation. |
|
Investigation |
is assigned to my org |
We need your team to investigate this activity. |
|
Comment |
is created |
Someone added a comment about a specific investigation or incident. |
|
Resilience recommendation |
is created |
We communicated a suggestion to prevent this kind of attack in the future. |
|
Resilience recommendation |
is updated |
We added a suggestion to prevent this kind of attack in the future. |
|
Investigative action |
is assigned to my org |
We need a representative from your organization to provide more information to help draw a conclusion about the activity. |
|
Investigative action |
is assigned to me |
You are assigned an investigative action to help provide additional information related to this activity. |
|
Remediation action |
is assigned to my org |
We identified an action your team can take to address unwanted activity. |
|
Remediation action |
is completed |
Action was taken to address the unwanted activity. |
|
Remediation action |
is automated |
Expel bots are doing this remediation for you, so your team doesn't need to do anything. |
|
Remediation action |
is assigned to me |
You need to take an action to address the unwanted activity. This is typically assigned to you by someone from your team. |
|
Security device |
has a health status change |
Your security device has become either connected or disconnected. |
|
Assembler |
has a health status change |
The condition of the Assembler has become either connected or disconnected. Note: The Assembler is the tool that Expel deploys in your environment to allow us to safely access your security devices. |
|
Incident findings |
are completed |
We reviewed the incident and finished adding the conclusions about why the incident occurred. |
|
Verify action |
is assigned to my org |
We need someone from your team to let us know if an action that triggered suspicion is authorized or not. |
|
Verify action |
is assigned to me |
We need you to let us know if an action that triggered suspicion is authorized or not. |
|
Notify action |
is assigned to my org |
We're sharing an update with your team of lower severity, but can include some actions you can take. |
|
Emerging threat |
is created |
Expel Threat Intelligence has identified a new threat that needs your attention. |