Expel replaces what customers spend on MSSPs today with a new concept called transparent managed security. Instead of dumping a pile of alerts on you, we find attackers and give you the answers you need to kick them out using a combination of our Workbench and Expel analysts monitoring your environment 24×7. The net result? You measurably improve your security and can focus on managing risk rather than operating products and massaging alerts. With this integration, Expel will be able to trigger, acknowledge and resolve incidents in PagerDuty.
Great! Now that you’ve authorized Expel to integrate with your account, you’ll need to select which service you want to add the integration to or create a new integration. Once you’ve done this, click “Finish Integration”.
You’ll be redirected to Workbench and see if the integration was successful: To test the integration, keep on reading.
In PagerDuty, navigate to your “Incidents page”. In the “Activity for the Past 7 Days” section, you’ll see the test connection. It will have a unique ID appended to the title. You should see two rows for the test event, one for the triggered event and one for the resolved activity. That’s it!
1. To disconnect or edit the PagerDuty integration, click the “Edit Icon” by the PagerDuty integration.
2. You’ll see a link to disconnect and delete the connection.Click this link to no longer receive alert notifications from Expel through PagerDuty.
Can Workbench send alerts to more than one PagerDuty service?
Not currently. As of now, alerts can only be configured to a single PagerDuty service.
Will PagerDuty incidents resolve once the Security Incident is complete in Workbench?
No. At this time, the PagerDuty incident must be resolved from PagerDuty.
In the future, will Workbench offer other triggering events besides an Incident creation?
Expel customers, please contact your engagement manager if you need additional notification triggers.