2 min read | Oct 27, 2020 | by Evan Reichard, Dan Whalen, Matt Blasius, Peter Silberman, Roger Studner, Shamus Field and Wes Wu

Announcing open source Python client (pyexclient) for Expel Workbench


At Expel, we believe that human time is precious, and should be spent only on the tasks that humans are better at than machines – making decisions and building relationships.

For the rest of the work, it’s technology to the rescue.

We’ve built our platform, Expel Workbench™, to provide an environment where our analysts can focus on high-quality decision making. To do this, we knew we needed the platform to be like flypaper for inventors – good ideas should be easy to experiment with and get into production.

Everything you can do in our platform has a discoverable (OpenAPI FTW!), standards-compliant (JSON API anyone?) application programming interface (API) behind it. If you can click it in the user interface (UI), you can automate it with client code.

Internally at Expel, we’ve been taking advantage of our APIs from the very beginning, but we’ve always hoped to see customers do the same.

Introducing pyexclient

Today we’re announcing the release of pyexclient, a Python client for Expel Workbench.

We’ve built on our learnings over the past few years and have beefed it up with documentation and lots of examples. With the release of pyexclient we’re including:

  • Snippets: we’re releasing 25+ code snippets that give, in a few lines each, examples of how to accomplish a specific task. Want to create an investigation or update remediation actions? We’ve got you.
  • Scripts: in addition to the snippets, we’re releasing some fully featured scripts that cover larger use cases. The three we’re releasing today are:
    • Data Export via CSV: Want to manipulate alert data in your favorite business intelligence (BI) analytics tool? This script provides an example of how to export alert data and fields as a CSV over a specified time range.
    • Poll for new incidents: Want to build automation that runs when bad things are detected? This script provides an example that polls the API for new incidents. It also allows for filtering on keywords.
    • Sync with JIRA: Want to expose artifacts from decisions our analysts make in Expel Workbench to your internal case management system? This script provides an example of syncing Expel activities that require customer action to a Jira project. This includes:
      • Investigations assigned to the customer
      • Investigative actions assigned to the customer
      • Remediation actions assigned to the customer
      • Comments added to an investigation
  • Notebook: Want to see what change point analysis or off-hours alerting looks like in your environment? We’ve got you. We’re releasing a notebook that implements the following:
    • ipywidget to authenticate to Expel Workbench (feel free to re-use this!)
    • Overview of alerts with some basic stats like number of alerts, percentage done without customer involvement and off-hours alerting (you can configure timezone and working hours)
    • Heatmap of alert arrival times
    • Time-to-action by severity w/ bar chart
    • Change point analysis for Expel Alert time series!
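One way the new-incident polling and keyword filtering described above can be structured, as an added example that is not code from pyexclient or from the original post: it walks one JSON:API-shaped page of investigation records, surfaces each incident once across repeated polls, and filters on title keywords. The resource and attribute names (`investigations`, `title`, `is_incident`, `created_at`) and the sample page are assumptions constructed here; a real poller would fetch pages from the Workbench API with pyexclient.

```python
from datetime import datetime, timezone

# Constructed sample page in JSON:API shape; attribute names are assumed.
SAMPLE_PAGE = {
    "data": [
        {"type": "investigations", "id": "inv-1", "attributes": {
            "title": "Suspicious login from new country",
            "is_incident": True, "created_at": "2020-10-27T14:05:00Z"}},
        {"type": "investigations", "id": "inv-2", "attributes": {
            "title": "Benign admin activity",
            "is_incident": False, "created_at": "2020-10-27T14:10:00Z"}},
        {"type": "investigations", "id": "inv-3", "attributes": {
            "title": "Ransomware precursor on HR-FILESRV",
            "is_incident": True, "created_at": "2020-10-27T15:00:00Z"}},
    ]
}


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp ("...Z") into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


class IncidentPoller:
    """Surfaces each new incident once across repeated polls.

    A created_at high-water mark bounds what is re-examined, and a set of seen
    ids handles records that share a timestamp; keywords filter on the title.
    """

    def __init__(self, keywords=(), since=None):
        self.keywords = [k.lower() for k in keywords]
        self.since = since or datetime.min.replace(tzinfo=timezone.utc)
        self.seen = set()

    def matches(self, attrs):
        # No keywords configured means every incident is of interest.
        title = attrs.get("title", "").lower()
        return not self.keywords or any(k in title for k in self.keywords)

    def poll(self, page):
        """Return ids of new matching incidents in one page; advance the cursor."""
        fresh = []
        for rec in page.get("data", []):
            attrs = rec["attributes"]
            created = parse_ts(attrs["created_at"])
            if rec["id"] in self.seen or created < self.since:
                continue
            self.seen.add(rec["id"])
            self.since = max(self.since, created)
            if attrs.get("is_incident") and self.matches(attrs):
                fresh.append(rec["id"])
        return fresh
```

Calling `poll` again with the same page returns nothing, so the loop that wraps it (sleep, fetch, poll) only fires an action for each incident once.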

Here’s a screenshot of change point analysis available in the notebook:

Example alert time series w/ change points

As we’ve been working with our customers to protect and build out their cloud environments, we’ve been impressed with the raw power that can be achieved by composing APIs and configurable components.

Work that used to require a huge team to customize enterprise software is now just a script away.

We’re really excited to get this client in the hands of our customers and partners, and see what innovative ways they leverage the information available in Expel Workbench.

Interested? We hope so! Getting started is as easy as “pip install pyexclient”. Head over to our pyexclient documentation page for more details.
