Get more insights into your organization’s mobile device posture information by using the Cortex XSOAR Pack for MobileIron (acquired by Ivanti) Core and Cloud
More than 52% of organizations now offer their employees, contractors and frontline workers the ability to work securely from any endpoint of their choice. This modern workplace includes diverse endpoints such as iOS, macOS, Android and Windows 10 devices, as well as other immersive and rugged devices such as HoloLens, Oculus, Zebra and more - and IT teams need a scalable solution to secure and manage them.
MobileIron’s UEM platform is that solution for end-to-end management of modern endpoints - from device onboarding and provisioning, through app management and secure access, to retirement.
As a result, MobileIron contains a variety of data points related to the security posture of every device within the organization. As the devices interact with different services within the enterprise environment, this information can be used to supplement security event data and improve the decision-making process of any security professional.
Cortex XSOAR™ is used by security teams to detect and respond to security incidents within the organization’s digital footprint. This pack forms the glue between the two solutions and provides data enrichment based on device information contained within MobileIron for any incidents triggered by third-party security systems. This unified solution additionally gives MobileIron users the option to create security incidents based on device data within MobileIron Core or Cloud, to be investigated and resolved by the security team.
What does this pack provide?
- Commands to fetch device data based on certain common attributes such as a WiFi MAC address, device UUID, serial number, and IP address.
- An option to query device data based on the MobileIron UEM API Query DSL.
- Commands to execute device-specific actions such as retire, wipe, send message, etc.
- Ability to fetch and create incidents based on device data contained within MobileIron UEM.
- Sample playbooks demonstrating how remediation actions can be set up to respond to device incidents.
- Custom layout and incident mapper to better show the relevant incident data.
A typical use-case:
- Security incidents are triggered by suspicious devices accessing any corporate resource.
- Cortex XSOAR sends an automatic query to MobileIron UEM based on known information such as Device ID, IP address or serial number, without needing to access the MobileIron console or involve the Mobility team.
- As the source of truth, MobileIron UEM provides a report containing information about the compliance state of the device and its security posture, for example whether the device has been compromised or stolen, or is still securely under management.
Benefit: This helps the security team to gain a better understanding of the incident and make decisions quickly.