Integrations roundup: new integrations to manage overall business risk

· 3 MIN READ · ALAN NEWMAN · MAR 29, 2023 · TAGS: Cloud security / Company news / Tech tools

At Expel, we take a bring-your-own (BYO) tech approach to security operations. Instead of requiring customers to buy and implement specific tech, we integrate with the security tools they already have to maximize their existing investment. This also gives our customers more control over the security tech they use now and in the future.

Our integration portfolio has more than 100 integrations spanning cloud, Kubernetes, SaaS, SIEM, network, endpoint technologies, and more. We’re continuously adding new integrations to the portfolio to ensure we’re integrating with the right tech to manage risk across your business.

But risk isn’t limited to security alone. If the last few years have taught us anything, it’s that risk is a business-wide challenge that spans all people, processes, and technology within the organization. That’s why our strategy with our security operations platform, Expel Workbench™, is to integrate with all the applications that present a layer of risk to your business, not just security tech.

That’s why we’re excited to share that we’ve built new integrations with popular business applications, including Slack, Salesforce, Workday, and GitLab, so customers can manage overall business risk all within the Expel Workbench. Security tech is still a fundamental component of the risk equation, which is why we’ve also released new integrations with Microsoft Intune and ExtraHop.


Slack is a corporate instant messaging system that supports messaging, voice calls, media, and files through private chats, shared groups, or even as part of communities. As hybrid work is the norm for most organizations, the amount of highly sensitive data being communicated through Slack has substantially increased, making it a new vector of risk.

With our new Slack integration, the Expel Workbench has detections for user logins from suspicious countries, IPs, and from TOR domains in addition to monitoring risky configuration changes in the platform. We also support DUET detections for configuration changes such as when a user is granted an owner role.


Salesforce is a cloud-based customer relationship management platform. Sales, marketing, and success teams use Salesforce heavily to store prospect and customers’ personally identifiable information (PII). That PII is critical for effective go-to-market outreach, but also presents a risk to both the business and the customer if exposed.

Our new Salesforce integration, working with Salesforce Shield and Real-Time Event Monitoring, identifies suspicious authentication requests including both the user and IP address behind the authentication event, credential stuffing and session hijacking attacks, and anomalous API events. It creates a timeline of the event, and enriches with context like IP address, country, domain name, user agent string and more, and then scopes for related alerts. The gathered security signals and audit events are also used to provide additional context that helps our analysts and robots investigate alerts from other security technologies.


Workday is a cloud-based enterprise resource planning (ERP) technology used for managing human resource functions, financial analysis, and analytical solutions, among other processes. The human resource (HR) team typically uses Workday to manage employee information, like compensation, benefits, social security information, and more. While Workday may make the HR’s team managing employee information easier, it’s now become a database of sensitive employee information.

Our new Workday integration monitors suspicious IP addresses, domain names, and user agent strings.


GitLab is a DevOps platform that helps in software development. It provides the ability to collaborate, secure, and release software using easy-to-manage tools. It’s one of the most popular platforms of its kind, and developers are increasingly building, releasing, and deploying applications that can expose the business to risk without the right security controls in place.

Our new integration monitors GitLab audit events to identify suspicious authentication requests, including IP address, country, domain name, user agent strings, as well as monitoring risky configuration changes done in the platform.

Microsoft Intune

Microsoft Intune (formerly Windows Intune) is a cloud-based endpoint management solution. It manages user access and simplifies app and device management across many devices, including mobile devices, desktop computers, and virtual endpoints.

Expel Workbench now integrates with Microsoft Intune to quickly gather investigative data for triage and investigation of alerts to deliver high-quality and expedient containment and remediation actions – as well as monitoring risky configuration changes done in the platform.


ExtraHop Reveal(x) provides AI-based network intelligence that stops advanced threats across cloud, hybrid, and distributed environments. The core of ExtraHop technology is a passive network appliance that uses a network tap or port mirroring to receive network traffic.

We now integrate with ExtraHop Reveal(x) and monitor the platform’s security alerts.

Integrated platform to manage overall business risk

Cybersecurity isn’t an isolated discipline. Organizations are constantly adopting new technologies to support their missions, and this means that the threat landscape has grown in size and sophistication. Risk spans the business, so we’re excited to provide even more opportunities to manage this business risk, all from the Expel Workbench platform.

To learn more about these integrations, please visit our integrations guide.