Expel-validated security alerts with guided investigative actions
Expel Workbench for AWS
(‘cause who wants to play Where’s Waldo with AWS logs)
Spending hours (or days) digging through a monotonous pile of logs probably isn’t high on your to-do list. Expel Workbench for AWS helps you identify potential security incidents within minutes so you can fix them without investing in a squad of AWS security experts.
Become an expert AWS investigator overnight!
Our AWS detection strategy uses native AWS services to:
- Analyze GuardDuty alerts
- Add custom detections for high-risk activities
- Enrich and validate alerts
What we do
Our bot, Ruxie™, shrinks investigation time by automating investigative actions just like our SOC analysts would.
AWS security alerts
We cut through the noise and surface the alerts that need your eyes on them.
How to investigate
We’ll give you step-by-step guides on how to investigate the validated AWS alerts we serve up to you.
How it works
(spoiler alert: GuardDuty is just the starting point)
Expel Workbench uses API integrations to connect directly with your AWS instance to pull CloudTrail data from S3 and access services like GuardDuty and Amazon Inspector. Our bots, Josie™ and Ruxie™, get to work and automatically enrich and triage alerts, surfacing Expel-validated alerts. When we notify you about an alert, you’ll get step-by-step guides on how to investigate.
What you get
(a cloud SOC without the hassle of building one)
Expel Workbench provides AWS-specific detections based on the attacks our SOC sees and on new (or updated) AWS offerings as they roll out. We triage 100% of your GuardDuty alerts and serve up the alerts that require your attention.
A few of the benefits
Make sure all your GuardDuty alerts and CloudTrail logs get SOC-style review.
Get more out of the AWS services you already subscribe to.
Upskill your analysts into expert AWS investigators and avoid hiring an army to keep up with your alerts.
How Expel Workbench compares to our MDR service
It’s pretty simple. Expel Workbench tells you when alerts need your eyes on them. Then it’s up to you to chase them down. When you upgrade to our MDR service, we’ll monitor your AWS instance 24x7 and do all of the investigations for you.
|Expel Workbench for AWS||Expel MDR for Cloud Infrastructure|
|Expel detections for AWS powered by Josie™|
|Slack and email notifications|
|Investigations powered by Ruxie™|
|Investigations by Expel SOC analysts|
|24x7 Slack access to Expel SOC analysts|
|Dedicated Expel Engagement Manager|
|Support for Signal Sciences, Lacework|
What is AWS GuardDuty and how can you make sense of all the signals? Here are our pro tips.
Making sure you’re looking at the right things in your AWS environment is easier said than done. And when there are so many AWS services to get security signal from, it’s hard to know whether you have the right ones turned on and if you’re getting the insights you need.
If you’re running workloads on AWS, then you’ll want to know all about the latest and greatest AWS-native security tools. We’ve got you covered in our latest post.
talk to a human?
Give us 30 minutes to show you how we can protect your data and workloads in AWS.