Mindflow and Expel Workbench have partnered to enable users to automate their incident management and better protect their information systems.
Expel, also recognized as a managed detection and response (MDR) provider, aims to make cloud security accessible and has launched Expel Workbench for AWS, a SaaS product.
With Expel Workbench, you can monitor and investigate security risks in your AWS environment. To that end, it takes your AWS logs and alerts and uses contextualization to separate those that are real risks from those that aren’t.
Thanks to Expel Workbench, you can reduce the time your experts spend on log analytics. It helps you identify potential security incidents on short notice so that you can remediate them without being overwhelmed as they accumulate. As such, it lets you avoid investing in an entire team of AWS security experts and focus your money on growth.
The detection strategy uses native AWS services to:
- Analyze GuardDuty alerts
- Add custom detections for high-risk activities
- Enrich and validate alerts
Thanks to these services, Expel can automate investigations. Its bot, Ruxie, reduces your investigation time by automating investigative actions just as a SOC analyst would.
It also validates your AWS security alerts by cutting through the noise and bringing up signals that need special attention.
Further, Expel provides step-by-step guides for investigating the validated AWS alerts escalated to your agents.
Expel Workbench uses API integrations to connect directly with your AWS instance to pull CloudTrail data from S3 and access services like GuardDuty and Amazon Inspector. Then, Josi and Ruxie get to work and automatically enrich and triage alerts, bringing up Expel alerts that they will validate. Afterward, Expel continues to support you by pairing the alert with one of its step-by-step investigation guides.
By integrating with Expel Workbench, Mindflow allows its users to automate the correlation of data and information about an investigation and to call on its other integrations for further enrichment or actions.
Features and Benefits
- Reduce risk: Expel allows you to ingest and analyze all the alerts generated on GuardDuty and all of your CloudTrail logs, giving you an extensive review that provides answers
- Specific recommendations for actions: Expel combines alerts with extensive guides to address immediate issues based on your environment
- Cut your security costs: Enhance your analysts’ capabilities in your AWS environment to avoid the need to hire a whole team of experts