Tools
Security operations | 7 min read
How to identify when you’ve lost control of your SIEM (and how to rein it back in)See if these four telltale warning signs get your head nodding. If so, learn how to get started on regaining control.
Tips | 7 min read
Five common multi-cloud security challengesSwitching to a multi-cloud solution? Easy! Just kidding. Expel’s senior detection & response engineer shares some things you need to think about when going multi-cloud – and how to stay sane.
Engineering | 8 min read
Terraforming a better engineering experience with AtlantisTo build something useful you must first understand your users. Find out how Expel used Terraform and Atlantis to build a platform that makes self-service provisioning in cloud infrastructure easy. % %
Expel insider | 1 min read
Introducing 24×7 monitoring and response for Google Cloud PlatformRunning a Google Cloud Platform (GCP) workload or thinking about integrating it into your security portfolio? Expel can help! We’ve officially launched our GCP 24x7 monitoring and response services.
Tips | 6 min read
How to create and maintain Jupyter threat hunting notebooksWe got a lot of questions about configuring Jupyter notebooks after presenting at Infosec Jupyterthon 2020. See our response along with some tips for incorporating this tech into infosec processes.
Security operations | 5 min read
Creating data-driven detections with DataDog and JupyterHubCreating alert thresholds is critical to *not* driving your SOC analysts batty, but what’s the “right” number? Here are some tips, tricks and favorite tools we use to determine alert thresholds for customer environments.
Security operations | 6 min read
Exabeam: an incident investigator’s cheat codeWe love EDR tools too, but here are our best tips and tricks for combining EDR data with other (equally) important security signals.
Security operations | 3 min read
Where does Amazon Detective fit in your AWS security landscape?If you’re running workloads on AWS, then you’ll want to know all about the latest and greatest AWS-native security tools. We’ve got you covered in our latest post.
Security operations | 8 min read
Using JupyterHub for threat hunting? Then you should know these 8 tricks.Jupyter Notebook gave us the freedom to rethink the way we analyzed hunting data. Here are some tips and tricks you can use in your own analysis.
Security operations | 7 min read
How to choose the right security tech for threat huntingHow do you decide which tech to use to carry out your hunt? This post’s got some pro tips for when and how to use different technology for your threat hunting mission.
Security operations | 4 min read
How to get your security tool chest in order when you’re growing like crazyNeed to expand your security tool chest? Our CISO’s got some tips to consider when thinking about what tech to keep or buy.
Security operations | 4 min read
Does your MSSP or MDR provider know how to manage your signals?How well is your MSSP or MDR going to manage your fleet of security signals over time? Here’s how to figure out whether they’re up for the challenge.
Tips | 6 min read
Five tips for improving your data ingestion and auditing processYou’re processing loads of data every day...but are you catching it all? Here are tips from our pros for rocking your data auditing.
Security operations | 9 min read
12 ways to tell if your managed security provider won’t suck next yearHow can you figure out if the quality of the service you’re about to sign up for will improve over time? Our COO Yanek Korff’s got some tips for making sure you choose a service that’ll last.
Tips | 8 min read
How to find Amazon S3 bucket misconfigurations and fix them ASAPWhy do Amazon S3 bucket breaches happen and how can you protect your own org from making this mistake? We’ve got all the AWS pro tips for you in our latest post.
Tips | 6 min read
Evaluating GreyNoise: what you need to know and how it can help youWe use technologies behind the scenes to make Expel Workbench and our analysts more efficient. GreyNoise is one of those -- here's how we use it and why you might find it useful too.
MDR | 9 min read
12 revealing questions to ask when evaluating an MSSP or MDR vendorWe’ve heard lots of interesting Qs as prospective customers evaluate which MDR provider is right for them... here are the 12 you should be asking.
Tips | 10 min read
Investigating Darktrace alerts for lateral movementLearn how Darktrace works and read an Expel review and features guide for Darktrace to decide if this AI cybersecurity platform is right for you.
Security operations | 5 min read
Managed detection and response (MDR): symptom or solution?An uncommonly clear review of what managed detection and response (MDR) is, where it came from and what it can/can't do for you.
Security operations | 3 min read
What’s endpoint detection and response (EDR) and when should you care?We cut through the hype to explain what Endpoint Detection and Response (EDR) tools can do for you. (3 min read)
Talent | 3 min read
Get your security tools in order: seven tactics you should knowDo you have the equipment and material needed to get your work right? Here are seven things to keep in mind to bring harmony to your toolchain. (4 min read)