Your security devices appear on the Security Devices page (Organization Settings > Security Devices). From this page you can add a new security device, monitor the health of your devices, view details about each device's activity, and make changes to your devices if needed.
Quick Links
View Security Device Details
For more details about a device's ingestion and raw events, health history, or resource usage, use the Details screen. This is also where you can find instructions on how to fix an unhealthy device.
Access the Details screen from the Security Devices page by clicking on the device row or by using the dropdown menu to select View details.
In the side panel of the Details page, you will see a number of additional screens that you can toggle through.
Health Screen
Health provides a high-level health check for the device that moves beyond the API connection status to also show raw events and Expel Alerts. You can also see when the device was onboarded, and by whom. For some integrations, you will see a "Configuration" field that indicates whether or not console access is enabled for Expel within the vendor technology.
Ingestion Screen
Ingestion helps you verify that data is actively moving across the connection and that polling is working properly. You can check the various data timestamps and also the time elapsed since the last successful poll to ensure the connection is actively pulling events into our detection engine.
Events Screen
Events shows the number of device events that have been processed by our detection engine, and the number of Expel Alerts and associated activity that resulted from those incoming events. Remember that not all events result in Expel Alerts or SOC activity. See How Expel Alerts Work for more information.
Information Screen
Information shows a read-only view of your basic device information as configured during onboarding.
Device History Screen
Device history provides a timeline of any changes to your device credentials or to the health of your device.
Usage Screen
Usage data will show your SaaS users, endpoints for on-prem, cloud resources, or Kubernetes nodes. The content of this screen varies based on the integration, and data is not available for all devices. You can get even more details about usage by downloading the inventory list from this screen, or by going to the Usage Dashboard.
Add a Security Device
To add a new device, you will need to follow the setup guide for your integration. There are steps that must be taken within your vendor technology before you come to this screen to add the device, and you may also need to set up an assembler as part of the process.
Find your setup guide by searching the Help Center for your integration, or by looking for your integration in Expel Integrations.
Edit a Security Device
If you need to make a change to a device that you have already set up, you can do so by locating your device and using the dropdown menu to select Edit. You will then see the same setup screen that you saw when you first created the device, and can modify your credentials as necessary.
Delete a Security Device
To delete a security device, locate your device and use the dropdown menu to select Delete. This action cannot be undone.