MobileIronCLOUD

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

MobileIron CLOUD Integration#

MobileIron Cloud - Getting Started#

  1. Log in to the MobileIron Cloud Admin console.
  2. Open the users section.
  3. Click the create user button and select the option to create a new API user. It is recommended to create a new user for the Cortex XSOAR integration specifically and not reuse an existing one.
  4. Fill in all the required details (i.e., use demisto-api-user as the username) and make sure you enter a strong password.
  5. When setting up the Cortex XSOAR integration, use the auto-generated email address as the username and the password you defined as the MobileIron tenant credentials.
  6. Click the Test button and ensure the connection can be established.

Refer to the API documentation at the MobileIron community for more details on setting up the API user.

MobileIron Cloud - Spaces#

If you are dividing the devices into different spaces, it is important to make sure the integration points to the correct Partition ID (Device Space ID).

You should leave this value blank if you are not using spaces or if you want the integration to automatically resolve the default space ID.

Setting up pre-processing rules#

If you are using the fetch incidents option, we recommend to set-up a pre-processing rule in order to filter out any duplicates that might show up as part of the command.

  • In the Cortex XSOAR admin go to Settings -> Integrations -> Pre-Processing Rules
  • In Step 1 add a rule for Type equals MobileIron Cloud Device Incident.
  • In Step 2 select Drop and Update.
  • In Step 3 select Link to oldest incident created within the last 15 days and check the checkbox next to Search closed incidents .
  • Add an AND statement and enter MobileIron Device ID of existing incident is identical to the one of the incoming incident.
  • Save the rule.

Here is an example image of the rule

Pre-Processing Rules Example

Configure MobileIronCLOUD on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for MobileIronCLOUD.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    urlServer URL (i.e., https://eu1.mobileiron.com )True
    credentialsUser NameTrue
    incidentTypeIncident typeFalse
    partition_idPartition ID (leave empty to resolve default)False
    insecureTrust any certificate (not secure)False
    proxyUse system proxy settingsFalse
    fetch_intervalFetch Interval (in minutes)True
    max_fetchMaximum number of incidents per fetchFalse
    isFetchFetch incidentsFalse
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

mobileiron-cloud-get-devices-data#


Gets all the devices based on a particular filter query. The command might execute multiple API calls depending on the amount of devices that would be returned.

Base Command#

mobileiron-cloud-get-devices-data

Input#

Argument NameDescriptionRequired
queryFilter query for fetching the device data. Default is registrationState=ACTIVE.Optional
max_fetchThe maximum number of items returned in the list.Optional

Context Output#

PathTypeDescription
MobileIronCloud.Device.idNumberID of the device that is fetched.
MobileIronCloud.Device.guidStringGUID of the device that is fetched.
MobileIronCloud.Device.deviceModelStringModel of the device that is fetched.
MobileIronCloud.Device.deviceNameStringName of the device that is fetched.
MobileIronCloud.Device.platformTypeStringPlatform type of the device that is fetched.
MobileIronCloud.Device.platformVersionStringPlatform version of the device that is fetched.
MobileIronCloud.Device.osBuildVersionStringOperating system build version of the device that is fetched.
MobileIronCloud.Device.lastCheckinDateLast check in time of the device that is fetched.
MobileIronCloud.Device.registrationStateStringRegistration state of the device that is fetched.
MobileIronCloud.Device.displayNameStringDisplay name of the device that is fetched.
MobileIronCloud.Device.firstNameStringFirst name of the device that is fetched.
MobileIronCloud.Device.lastNameStringLast name of the device that is fetched.
MobileIronCloud.Device.uidStringUID of the device that is fetched.
MobileIronCloud.Device.emailAddressStringEmail address of the device that is fetched.
MobileIronCloud.Device.manufacturerStringManufacturer of the device that is fetched.
MobileIronCloud.Device.imeiUnknownInternational Mobile Equipment Identity (IMEI) of the device that is fetched.
MobileIronCloud.Device.imei2UnknownInternational Mobile Equipment Identity 2 (IME2) of the device that is fetched.
MobileIronCloud.Device.imsiStringInternational Mobile Subscriber Identity (IMSI) of the device that is fetched.
MobileIronCloud.Device.wifiMacAddressStringWiFi MAC address of the device that is fetched.
MobileIronCloud.Device.serialNumberUnknownSerial number of the device that is fetched.
MobileIronCloud.Device.altSerialNumberUnknownAlternative serial number of the device that is fetched.
MobileIronCloud.Device.ownershipTypeStringOwnership type of the device that is fetched.
MobileIronCloud.Device.complianceStateBooleanCompliance state of the device that is fetched.
MobileIronCloud.Device.roamingBooleanRoaming status of the device that is fetched.
MobileIronCloud.Device.supervisedUnknownDevice supervised.
MobileIronCloud.Device.udidStringUDID of the device that is fetched.
MobileIronCloud.Device.policyViolationCountNumberPolicy violation count of the device that is fetched.
MobileIronCloud.Device.lastRegistrationTimeDateLast registration time of the device that is fetched.
MobileIronCloud.Device.quarantinedBooleanWhether the device is quarantined.
MobileIronCloud.Device.jailbrokenBooleanWhether the device is jailbroken.

Command Example#

!mobileiron-cloud-get-devices-data

Context Example#

{
"MobileIronCloud": {
"Device": [
{
"id": 123,
"guid": "",
"deviceModel": "VirtualBox",
"deviceName": "DESKTOP-B76IV6U",
"platformType": "WINDOWS_PHONE",
"platformVersion": "10.0",
"osBuildVersion": "",
"lastCheckin": 1596026443798,
"registrationState": "ACTIVE",
"displayName": "Windows User",
"firstName": "Windows",
"lastName": "User",
"uid": "userid",
"emailAddress": "email",
"manufacturer": "GmbH",
"imei": null,
"imei2": null,
"imsi": "Not Present",
"wifiMacAddress": "",
"serialNumber": null,
"altSerialNumber": null,
"ownershipType": "UNKNOWN",
"complianceState": false,
"roaming": false,
"supervised": null,
"udid": "UIDVALUE",
"clientLastCheckin": null,
"prettyModel": "VirtualBox",
"policyViolationCount": 1,
"lastRegistrationTime": 1596022502880,
"quarantined": false,
"jailbroken": false,
"windowsDeviceType": "WINDOWS_DESKTOP",
"entityName": "DESKTOP-B76IV6U"
}
]
}
}

mobileiron-cloud-get-device-by-mac#


Gets a single device matching the provided mac address.

Base Command#

mobileiron-cloud-get-device-by-mac

Input#

Argument NameDescriptionRequired
device_macTHe MAC address of the device to fetch.Required

Context Output#

PathTypeDescription
MobileIronCloud.Device.idNumberThe ID of the device that is fetched.
MobileIronCloud.Device.guidStringGUID of the device that is fetched.
MobileIronCloud.Device.deviceModelStringModel of the device that is fetched.
MobileIronCloud.Device.deviceNameStringName of the device that is fetched.
MobileIronCloud.Device.platformTypeStringPlatform type of the device that is fetched.
MobileIronCloud.Device.platformVersionStringPlatform version of the device that is fetched.
MobileIronCloud.Device.osBuildVersionStringOperating system build version of the device that is fetched.
MobileIronCloud.Device.lastCheckinDateLast check in time of the device that is fetched.
MobileIronCloud.Device.registrationStateStringRegistration state of the device that is fetched.
MobileIronCloud.Device.displayNameStringDisplay name of the device that is fetched.
MobileIronCloud.Device.firstNameStringFirst name of the device that is fetched.
MobileIronCloud.Device.lastNameStringLast name of the device that is fetched.
MobileIronCloud.Device.uidStringUID of the device that is fetched.
MobileIronCloud.Device.emailAddressStringEmail address of the device that is fetched.
MobileIronCloud.Device.manufacturerStringManufacturer of the device that is fetched.
MobileIronCloud.Device.imeiUnknownInternational Mobile Equipment Identity (IMEI) of the device that is fetched.
MobileIronCloud.Device.imei2UnknownInternational Mobile Equipment Identity 2 (IME2) of the device that is fetched.
MobileIronCloud.Device.imsiStringInternational mobile subscriber identity (IMSI) of the device that is fetched.
MobileIronCloud.Device.wifiMacAddressStringWiFi MAC address of the device that is fetched.
MobileIronCloud.Device.serialNumberUnknownSerial number of the device that is fetched.
MobileIronCloud.Device.altSerialNumberUnknownAlternative serial number of the device that is fetched.
MobileIronCloud.Device.ownershipTypeStringOwnership type of the device that is fetched.
MobileIronCloud.Device.complianceStateBooleanCompliance state of the device that is fetched.
MobileIronCloud.Device.roamingBooleanRoaming status of the device that is fetched.
MobileIronCloud.Device.supervisedUnknownDevice Supervised
MobileIronCloud.Device.udidStringDevice UDID of the device that is fetched.
MobileIronCloud.Device.policyViolationCountNumberPolicy violation count of the device that is fetched.
MobileIronCloud.Device.lastRegistrationTimeDateLast registration time of the device that is fetched.
MobileIronCloud.Device.quarantinedBooleanWhether the device is quarantined.
MobileIronCloud.Device.jailbrokenBooleanWhether the device is jailbroken.

Command Example#

!mobileiron-cloud-get-device-by-mac device_mac=MAC_HERE

Context Example#

{
"MobileIronCloud": {
"Device": {
"id": 123,
"guid": "",
"deviceModel": "VirtualBox",
"deviceName": "DESKTOP-B76IV6U",
"platformType": "WINDOWS_PHONE",
"platformVersion": "10.0",
"osBuildVersion": "",
"lastCheckin": 1596026443798,
"registrationState": "ACTIVE",
"displayName": "Windows User",
"firstName": "Windows",
"lastName": "User",
"uid": "userid",
"emailAddress": "email",
"manufacturer": "GmbH",
"imei": null,
"imei2": null,
"imsi": "Not Present",
"wifiMacAddress": "",
"serialNumber": null,
"altSerialNumber": null,
"ownershipType": "UNKNOWN",
"complianceState": false,
"roaming": false,
"supervised": null,
"udid": "UIDVALUE",
"clientLastCheckin": null,
"prettyModel": "VirtualBox",
"policyViolationCount": 1,
"lastRegistrationTime": 1596022502880,
"quarantined": false,
"jailbroken": false,
"windowsDeviceType": "WINDOWS_DESKTOP",
"entityName": "DESKTOP-B76IV6U"
}
}
}

mobileiron-cloud-get-device-by-serial#


Gets a single device matching the provided value for the device serial number.

Base Command#

mobileiron-cloud-get-device-by-serial

Input#

Argument NameDescriptionRequired
device_serialSerial number of the device to fetch.Optional

Context Output#

PathTypeDescription
MobileIronCloud.Device.idNumberThe ID of the device that is fetched.
MobileIronCloud.Device.guidStringGUID of the device that is fetched.
MobileIronCloud.Device.deviceModelStringModel of the device that is fetched.
MobileIronCloud.Device.deviceNameStringName of the device that is fetched.
MobileIronCloud.Device.platformTypeStringPlatform type of the device that is fetched.
MobileIronCloud.Device.platformVersionStringPlatform version of the device that is fetched.
MobileIronCloud.Device.osBuildVersionStringOperating system build version of the device that is fetched.
MobileIronCloud.Device.lastCheckinDateLast check in time of the device that is fetched.
MobileIronCloud.Device.registrationStateStringRegistration state of the device that is fetched.
MobileIronCloud.Device.displayNameStringDisplay name of the device that is fetched.
MobileIronCloud.Device.firstNameStringFirst name of the device that is fetched.
MobileIronCloud.Device.lastNameStringLast name of the device that is fetched.
MobileIronCloud.Device.uidStringUID of the device that is fetched.
MobileIronCloud.Device.emailAddressStringEmail address of the device that is fetched.
MobileIronCloud.Device.manufacturerStringManufacturer of the device that is fetched.
MobileIronCloud.Device.imeiUnknownInternational Mobile Equipment Identity (IMEI) of the device that is fetched.
MobileIronCloud.Device.imei2UnknownInternational Mobile Equipment Identity 2 (IME2) of the device that is fetched.
MobileIronCloud.Device.imsiStringInternational mobile subscriber identity (IMSI) of the device that is fetched.
MobileIronCloud.Device.wifiMacAddressStringWiFi MAC address of the device that is fetched.
MobileIronCloud.Device.serialNumberUnknownSerial number of the device that is fetched.
MobileIronCloud.Device.altSerialNumberUnknownAlternative serial number of the device that is fetched.
MobileIronCloud.Device.ownershipTypeStringOwnership type of the device that is fetched.
MobileIronCloud.Device.complianceStateBooleanCompliance state of the device that is fetched.
MobileIronCloud.Device.roamingBooleanRoaming status of the device that is fetched.
MobileIronCloud.Device.supervisedUnknownDevice Supervised
MobileIronCloud.Device.udidStringDevice UDID of the device that is fetched.
MobileIronCloud.Device.policyViolationCountNumberPolicy violation count of the device that is fetched.
MobileIronCloud.Device.lastRegistrationTimeDateLast registration time of the device that is fetched.
MobileIronCloud.Device.quarantinedBooleanWhether the device is quarantined.
MobileIronCloud.Device.jailbrokenBooleanWhether the device is jailbroken.

Command Example#

!mobileiron-cloud-get-device-by-serial device_serial=SERIAL_HERE

Context Example#

{
"MobileIronCloud": {
"Device": {
"id": 123,
"guid": "",
"deviceModel": "VirtualBox",
"deviceName": "DESKTOP-B76IV6U",
"platformType": "WINDOWS_PHONE",
"platformVersion": "10.0",
"osBuildVersion": "",
"lastCheckin": 1596026443798,
"registrationState": "ACTIVE",
"displayName": "Windows User",
"firstName": "Windows",
"lastName": "User",
"uid": "userid",
"emailAddress": "email",
"manufacturer": "GmbH",
"imei": null,
"imei2": null,
"imsi": "Not Present",
"wifiMacAddress": "",
"serialNumber": null,
"altSerialNumber": null,
"ownershipType": "UNKNOWN",
"complianceState": false,
"roaming": false,
"supervised": null,
"udid": "UIDVALUE",
"clientLastCheckin": null,
"prettyModel": "VirtualBox",
"policyViolationCount": 1,
"lastRegistrationTime": 1596022502880,
"quarantined": false,
"jailbroken": false,
"windowsDeviceType": "WINDOWS_DESKTOP",
"entityName": "DESKTOP-B76IV6U"
}
}
}

mobileiron-cloud-unlock-device#


Sends an unlock action to the device.

Base Command#

mobileiron-cloud-unlock-device

Input#

Argument NameDescriptionRequired
device_idThe ID of the MobileIron device to fetch.Optional

Command Example#

!mobileiron-cloud-unlock-device device_id=1100646

Human Readable Output#

Action was performed successfully

mobileiron-cloud-retire-device#


Sends a retire action to the device.

Base Command#

mobileiron-cloud-retire-device

Input#

Argument NameDescriptionRequired
device_idThe ID of the MobileIron device to fetch.Optional

Human Readable Output#

Action was performed successfully

mobileiron-cloud-wipe-device#


Sends a wipe action to the device. This is a potentially destructive action as it will completely wipe the device.

Base Command#

mobileiron-cloud-wipe-device

Input#

Argument NameDescriptionRequired
device_idThe ID of the MobileIron device to fetch.Optional

Human Readable Output#

Action was performed successfully

mobileiron-cloud-force-check-in#


Forces a check in to the particular device based on the device ID.

Base Command#

mobileiron-cloud-force-check-in

Input#

Argument NameDescriptionRequired
device_idThe ID of the MobileIron device to fetch.Optional

Human Readable Output#

Action was performed successfully

mobileiron-cloud-send-message#


Sends a message to the device.

Base Command#

mobileiron-cloud-send-message

Input#

Argument NameDescriptionRequired
device_idThe ID of the MobileIron device to fetch.Optional
message_typeThe type of notification to send. Possible values are: email, push. Default is push.Required
subjectThe subject of the email. (Only used if an email should be sent).Optional
messageThe message to be sent.Required

Human Readable Output#

Action was performed successfully

mobileiron-cloud-get-device-by-id#


Returns the data for a particular device based on the device ID.

Base Command#

mobileiron-cloud-get-device-by-id

Input#

Argument NameDescriptionRequired
device_idThe ID of the MobileIron device to fetch.Required

Context Output#

PathTypeDescription
MobileIronCloud.Device.idNumberThe ID of the device that is fetched.
MobileIronCloud.Device.guidStringGUID of the device that is fetched.
MobileIronCloud.Device.deviceModelStringModel of the device that is fetched.
MobileIronCloud.Device.deviceNameStringName of the device that is fetched.
MobileIronCloud.Device.platformTypeStringPlatform type of the device that is fetched.
MobileIronCloud.Device.platformVersionStringPlatform version of the device that is fetched.
MobileIronCloud.Device.osBuildVersionStringOperating system build version of the device that is fetched.
MobileIronCloud.Device.lastCheckinDateLast check in time of the device that is fetched.
MobileIronCloud.Device.registrationStateStringRegistration state of the device that is fetched.
MobileIronCloud.Device.displayNameStringDisplay name of the device that is fetched.
MobileIronCloud.Device.firstNameStringFirst name of the device that is fetched.
MobileIronCloud.Device.lastNameStringLast name of the device that is fetched.
MobileIronCloud.Device.uidStringUID of the device that is fetched.
MobileIronCloud.Device.emailAddressStringEmail address of the device that is fetched.
MobileIronCloud.Device.manufacturerStringManufacturer of the device that is fetched.
MobileIronCloud.Device.imeiUnknownInternational Mobile Equipment Identity (IMEI) of the device that is fetched.
MobileIronCloud.Device.imei2UnknownInternational Mobile Equipment Identity 2 (IME2) of the device that is fetched.
MobileIronCloud.Device.imsiStringInternational mobile subscriber identity (IMSI) of the device that is fetched.
MobileIronCloud.Device.wifiMacAddressStringWiFi MAC address of the device that is fetched.
MobileIronCloud.Device.serialNumberUnknownSerial number of the device that is fetched.
MobileIronCloud.Device.altSerialNumberUnknownAlternative serial number of the device that is fetched.
MobileIronCloud.Device.ownershipTypeStringOwnership type of the device that is fetched.
MobileIronCloud.Device.complianceStateBooleanCompliance state of the device that is fetched.
MobileIronCloud.Device.roamingBooleanRoaming status of the device that is fetched.
MobileIronCloud.Device.supervisedUnknownDevice Supervised
MobileIronCloud.Device.udidStringDevice UDID of the device that is fetched.
MobileIronCloud.Device.policyViolationCountNumberPolicy violation count of the device that is fetched.
MobileIronCloud.Device.lastRegistrationTimeDateLast registration time of the device that is fetched.
MobileIronCloud.Device.quarantinedBooleanWhether the device is quarantined.
MobileIronCloud.Device.jailbrokenBooleanWhether the device is jailbroken.

Command Example#

!mobileiron-cloud-get-device-by-id device_id=1100646

Context Example#

{
"MobileIronCloud": {
"Device": {
"id": 123,
"guid": "",
"deviceModel": "VirtualBox",
"deviceName": "DESKTOP-B76IV6U",
"platformType": "WINDOWS_PHONE",
"platformVersion": "10.0",
"osBuildVersion": "",
"lastCheckin": 1596026443798,
"registrationState": "ACTIVE",
"displayName": "Windows User",
"firstName": "Windows",
"lastName": "User",
"uid": "userid",
"emailAddress": "email",
"manufacturer": "GmbH",
"imei": null,
"imei2": null,
"imsi": "Not Present",
"wifiMacAddress": "",
"serialNumber": null,
"altSerialNumber": null,
"ownershipType": "UNKNOWN",
"complianceState": false,
"roaming": false,
"supervised": null,
"udid": "UIDVALUE",
"clientLastCheckin": null,
"prettyModel": "VirtualBox",
"policyViolationCount": 1,
"lastRegistrationTime": 1596022502880,
"quarantined": false,
"jailbroken": false,
"windowsDeviceType": "WINDOWS_DESKTOP",
"entityName": "DESKTOP-B76IV6U"
}
}
}