MobileIronCORE
MobileIron-UEM Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
#
MobileIron CORE IntegrationThis integration was created and tested with version 11.0.0 of MobileIronCORE
#
MobileIron Core - Getting Started- Log in to the MobileIron Core Admin console.
- Open the
Users
top section. - Click on the
create local user
button. It is recommended to create a new user for the Cortex XSOAR integration specifically and not reuse an existing one. - Make sure you enter all the details and keep note of the User ID (ex. demisto-api-user) and the password specifically.
- Click on the
Admins
top section. - Add the user you just created as an admin to the instance.
- When setting up the Cortex XSOAR integration use User ID as the username and the password you defined as the MobileIron tenant credentials
- Click the
Test
button and ensure the connection can be established.
Refer to the API documentation at the MobileIron community for more details on setting up the API user.
#
MobileIron Core - SpacesIf you are dividing the devices into different spaces, it is important to make sure the integration
points to the correct Device Admin Space ID
.
In most cases, this is set to the value 1 for the global space ID.
#
Setting up pre-processing rulesIf you are using the fetch incidents option it is advisable to set-up a pre-processing rule in order to filter out any duplicates that might show up as part of the command.
- Inside the Cortex XSOAR admin go to Settings -> Integrations -> Pre-Processing Rules.
- In Step 1 add a rule for Type equals MobileIron Core Device Incident.
- In Step 2 select Drop and Update.
- In Step 3 select Link to oldest incident created within the last 15 days and check the checkbox next to Search closed incidents.
- Add an AND statement and enter MobileIron Device ID of existing incident is identical to the one of the incoming incident.
- Save.
Here is an example image of the rule
#
Configure MobileIronCORE on Cortex XSOARNavigate to Settings > Integrations > Servers & Services.
Search for MobileIronCORE.
Click Add instance to create and configure a new integration instance.
Parameter Description Required url Server URL (ex. https://core.mobileiron.com ) True admin_space_id Admin Space ID (ex. 1 for the global space ID.) True credentials API User Credentials True max_fetch Maximum number of incidents per fetch False incidentType Incident type False insecure Trust any certificate (not secure) False proxy Use system proxy settings False fetch_interval Fetch Interval (in minutes) True isFetch Fetch incidents False Click Test to validate the URLs, token, and connection.
#
CommandsYou can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
mobileiron-core-send-messageSends a message to the particular device based on the device ID.
#
Base Commandmobileiron-core-send-message
#
InputArgument Name | Description | Required |
---|---|---|
device_id | The ID of the device to send a message to. | Required |
subject | The subject of the email. | Required |
message | The message of the email. | Required |
message_type | The type of message to send. Possible values are: "pns", "sms" and "email". | Required |
#
mobileiron-core-update-osUpdates the operating system on the particular device based on the device ID.
#
Base Commandmobileiron-core-update-os
#
InputArgument Name | Description | Required |
---|---|---|
device_id | The ID of the device on which to update the operating system. | Required |
#
mobileiron-core-unlock-device-onlyUnlocks the particular device based on the device ID.
#
Base Commandmobileiron-core-unlock-device-only
#
InputArgument Name | Description | Required |
---|---|---|
device_id | The ID of the device to unlock. | Required |
#
mobileiron-core-enable-voice-roamingEnables voice roaming on the particular device based on the device ID.
#
Base Commandmobileiron-core-enable-voice-roaming
#
InputArgument Name | Description | Required |
---|---|---|
device_id | The ID of the device on which to enable voice roaming. | Required |
#
mobileiron-core-disable-voice-roamingDisables voice roaming on the particular device based on the device ID.
#
Base Commandmobileiron-core-disable-voice-roaming
#
InputArgument Name | Description | Required |
---|---|---|
device_id | The ID of the device on which to disable voice roaming. | Required |
#
mobileiron-core-enable-data-roamingEnables data roaming on the particular device based on the device ID.
#
Base Commandmobileiron-core-enable-data-roaming
#
InputArgument Name | Description | Required |
---|---|---|
device_id | The ID of the device on which to enable data roaming. | Required |
#
mobileiron-core-disable-data-roamingDisables data roaming on the particular device based on the device ID.
#
Base Commandmobileiron-core-disable-data-roaming
#
InputArgument Name | Description | Required |
---|---|---|
device_id | The ID of the device on which to disable data roaming. | Required |
#
mobileiron-core-enable-personal-hotspotEnables a personal hotspot on the particular device based on the device ID.
#
Base Commandmobileiron-core-enable-personal-hotspot
#
InputArgument Name | Description | Required |
---|---|---|
device_id | The ID of the device on which to enable a personal hotspot. | Required |
#
mobileiron-core-disable-personal-hotspotDisables a personal hotspot on the particular device based on the device ID.
#
Base Commandmobileiron-core-disable-personal-hotspot
#
InputArgument Name | Description | Required |
---|---|---|
device_id | The ID of the device on which to disable a personal hotspot. | Required |
#
mobileiron-core-unlock-app-connect-containerUnlocks an app connect container on the particular device based on the device ID.
#
Base Commandmobileiron-core-unlock-app-connect-container
#
InputArgument Name | Description | Required |
---|---|---|
device_id | The ID of the device on which to unlock an app connect container. | Required |
#
mobileiron-core-retire-deviceRetires a device based on the device ID.
#
Base Commandmobileiron-core-retire-device
#
InputArgument Name | Description | Required |
---|---|---|
device_id | The ID of the device to retire. | Required |
#
mobileiron-core-wipe-deviceWipes a device based on the device ID.
#
Base Commandmobileiron-core-wipe-device
#
InputArgument Name | Description | Required |
---|---|---|
device_id | ID of the device to wipe. | Required |
#
mobileiron-core-force-checkinForces check in to the device based on the device ID.
#
Base Commandmobileiron-core-force-checkin
#
InputArgument Name | Description | Required |
---|---|---|
device_id | ID of the device on which to force check in. | Required |
#
mobileiron-core-get-devices-dataGets a list of devices matching the provided query.
#
Base Commandmobileiron-core-get-devices-data
#
InputArgument Name | Description | Required |
---|---|---|
query | The query used to filter the list of devices. Default is common.status = "ACTIVE". | Required |
additional_fields | Comma-separated list of fields to query from the API. | Optional |
max_fetch | The maximum number of items to return. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
MobileIronCore.Device.common_model | String | Model of the device that was fetched. |
MobileIronCore.Device.common_os_version | String | Operating system version of the device that was fetched. |
MobileIronCore.Device.common_platform | String | Platform name of the device that was fetched. |
MobileIronCore.Device.common_status | String | Status of the device that was fetched. |
MobileIronCore.Device.common_imei | String | International Mobile Equipment Identity (IMEI) of the device that was fetched. |
MobileIronCore.Device.common_platform | String | Platform of the device that was fetched. |
MobileIronCore.Device.common_security_state | String | Security state of the device that was fetched. |
MobileIronCore.Device.user_display_name | String | Display name of the device that was fetched. |
MobileIronCore.Device.common_last_connected_at | Date | Date the device that was fetched was last connected. |
MobileIronCore.Device.common_uuid | String | Device UUID of the device that was fetched. |
MobileIronCore.Device.common_quarantined | Boolean | Whether the device was quarantined. |
MobileIronCore.Device.common_id | Number | ID of the device that was fetched. |
MobileIronCore.Device.common_imsi | String | International mobile subscriber identity (IMSI) of the device that was fetched. |
MobileIronCore.Device.common_owner | String | Owner of the device that was fetched. |
MobileIronCore.Device.user_email_address | String | User email address of the device that was fetched. |
MobileIronCore.Device.common_manufacturer | String | Manufacturer of the device that was fetched. |
MobileIronCore.Device.common_compliant | Boolean | Whether the device that was fetched is compliant. |
MobileIronCore.Device.user_user_id | String | User ID of the device that was fetched. |
MobileIronCore.Device.common_registration_date | Date | Registration date of the device that was fetched. |
MobileIronCore.Device.common_wifi_mac_address | String | WiFi MAC address of the device that was fetched. |
MobileIronCore.Device.common_noncompliance_reasons | String | Non-compliance reasons for the device that was fetched. |
MobileIronCore.Device.ios_iPhone_UDID | String | iPhone UDID of the device that was fetched. |
MobileIronCore.Device.ios_iPhone_MAC_ADDRESS_EN0 | String | IPhone MAC address EN0 of the device that was fetched. |
MobileIronCore.Device.ios_Current_MCC | String | Current MCC of the device that was fetched. |
MobileIronCore.Device.common_current_country_code | String | Current country code of the device that was fetched. |
MobileIronCore.Device.user_sam_account_name | String | SAM account name of the device that was fetched. |
MobileIronCore.Device.common_current_country_name | String | Current country nameCurrent country name of the device that was fetched. |
MobileIronCore.Device.common_home_country_name | String | Home country name of the device that was fetched. |
MobileIronCore.Device.common_home_country_code | String | Home country code of the device that was fetched. |
MobileIronCore.Device.common_device_is_compromised | Boolean | Whether the device that was fetched was compromised. |
MobileIronCore.Device.common_SerialNumber | String | Device serial number of the device that was fetched. |
MobileIronCore.Device.common_mdm_managed | Boolean | Whether the device that was fetched is MDM managed. |
#
Command Example!mobileiron-core-get-devices-data
#
Context Example#
mobileiron-core-get-device-by-uuidGets a single device based on the device UUID.
#
Base Commandmobileiron-core-get-device-by-uuid
#
InputArgument Name | Description | Required |
---|---|---|
device_uuid | The UUID of the device to fetch. | Required |
additional_fields | Comma-separated list of fields to query from the API. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
MobileIronCore.Device.common_model | String | Model of the device that was fetched. |
MobileIronCore.Device.common_os_version | String | Operating system version of the device that was fetched. |
MobileIronCore.Device.common_platform | String | Platform name of the device that was fetched. |
MobileIronCore.Device.common_status | String | Status of the device that was fetched. |
MobileIronCore.Device.common_imei | String | International Mobile Equipment Identity (IMEI) of the device that was fetched. |
MobileIronCore.Device.common_platform | String | Platform of the device that was fetched. |
MobileIronCore.Device.common_security_state | String | Security state of the device that was fetched. |
MobileIronCore.Device.user_display_name | String | Display name of the device that was fetched. |
MobileIronCore.Device.common_last_connected_at | Date | Date the device that was fetched was last connected. |
MobileIronCore.Device.common_uuid | String | Device UUID of the device that was fetched. |
MobileIronCore.Device.common_quarantined | Boolean | Whether the device was quarantined. |
MobileIronCore.Device.common_id | Number | ID of the device that was fetched. |
MobileIronCore.Device.common_imsi | String | International mobile subscriber identity (IMSI) of the device that was fetched. |
MobileIronCore.Device.common_owner | String | Owner of the device that was fetched. |
MobileIronCore.Device.user_email_address | String | User email address of the device that was fetched. |
MobileIronCore.Device.common_manufacturer | String | Manufacturer of the device that was fetched. |
MobileIronCore.Device.common_compliant | Boolean | Whether the device that was fetched is compliant. |
MobileIronCore.Device.user_user_id | String | User ID of the device that was fetched. |
MobileIronCore.Device.common_registration_date | Date | Registration date of the device that was fetched. |
MobileIronCore.Device.common_wifi_mac_address | String | WiFi MAC address of the device that was fetched. |
MobileIronCore.Device.common_noncompliance_reasons | String | Non-compliance reasons for the device that was fetched. |
MobileIronCore.Device.ios_iPhone_UDID | String | iPhone UDID of the device that was fetched. |
MobileIronCore.Device.ios_iPhone_MAC_ADDRESS_EN0 | String | IPhone MAC address EN0 of the device that was fetched. |
MobileIronCore.Device.ios_Current_MCC | String | Current MCC of the device that was fetched. |
MobileIronCore.Device.common_current_country_code | String | Current country code of the device that was fetched. |
MobileIronCore.Device.user_sam_account_name | String | SAM account name of the device that was fetched. |
MobileIronCore.Device.common_current_country_name | String | Current country nameCurrent country name of the device that was fetched. |
MobileIronCore.Device.common_home_country_name | String | Home country name of the device that was fetched. |
MobileIronCore.Device.common_home_country_code | String | Home country code of the device that was fetched. |
MobileIronCore.Device.common_device_is_compromised | Boolean | Whether the device that was fetched was compromised. |
MobileIronCore.Device.common_SerialNumber | String | Device serial number of the device that was fetched. |
MobileIronCore.Device.common_mdm_managed | Boolean | Whether the device that was fetched is MDM managed. |
#
Command Example!mobileiron-core-get-device-by-uuid device_uuid=9b0da853-9f9b-483c-97ef-f4b5457299cf
#
Context Example#
mobileiron-core-get-device-by-serialGets a single device based on the device serial number.
#
Base Commandmobileiron-core-get-device-by-serial
#
InputArgument Name | Description | Required |
---|---|---|
device_serial | The serial number of the device to fetch. | Required |
additional_fields | Comma-separated list of fields to query from the API. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
MobileIronCore.Device.common_model | String | Model of the device that was fetched. |
MobileIronCore.Device.common_os_version | String | Operating system version of the device that was fetched. |
MobileIronCore.Device.common_platform | String | Platform name of the device that was fetched. |
MobileIronCore.Device.common_status | String | Status of the device that was fetched. |
MobileIronCore.Device.common_imei | String | International Mobile Equipment Identity (IMEI) of the device that was fetched. |
MobileIronCore.Device.common_platform | String | Platform of the device that was fetched. |
MobileIronCore.Device.common_security_state | String | Security state of the device that was fetched. |
MobileIronCore.Device.user_display_name | String | Display name of the device that was fetched. |
MobileIronCore.Device.common_last_connected_at | Date | Date the device that was fetched was last connected. |
MobileIronCore.Device.common_uuid | String | Device UUID of the device that was fetched. |
MobileIronCore.Device.common_quarantined | Boolean | Whether the device was quarantined. |
MobileIronCore.Device.common_id | Number | ID of the device that was fetched. |
MobileIronCore.Device.common_imsi | String | International mobile subscriber identity (IMSI) of the device that was fetched. |
MobileIronCore.Device.common_owner | String | Owner of the device that was fetched. |
MobileIronCore.Device.user_email_address | String | User email address of the device that was fetched. |
MobileIronCore.Device.common_manufacturer | String | Manufacturer of the device that was fetched. |
MobileIronCore.Device.common_compliant | Boolean | Whether the device that was fetched is compliant. |
MobileIronCore.Device.user_user_id | String | User ID of the device that was fetched. |
MobileIronCore.Device.common_registration_date | Date | Registration date of the device that was fetched. |
MobileIronCore.Device.common_wifi_mac_address | String | WiFi MAC address of the device that was fetched. |
MobileIronCore.Device.common_noncompliance_reasons | String | Non-compliance reasons for the device that was fetched. |
MobileIronCore.Device.ios_iPhone_UDID | String | iPhone UDID of the device that was fetched. |
MobileIronCore.Device.ios_iPhone_MAC_ADDRESS_EN0 | String | IPhone MAC address EN0 of the device that was fetched. |
MobileIronCore.Device.ios_Current_MCC | String | Current MCC of the device that was fetched. |
MobileIronCore.Device.common_current_country_code | String | Current country code of the device that was fetched. |
MobileIronCore.Device.user_sam_account_name | String | SAM account name of the device that was fetched. |
MobileIronCore.Device.common_current_country_name | String | Current country nameCurrent country name of the device that was fetched. |
MobileIronCore.Device.common_home_country_name | String | Home country name of the device that was fetched. |
MobileIronCore.Device.common_home_country_code | String | Home country code of the device that was fetched. |
MobileIronCore.Device.common_device_is_compromised | Boolean | Whether the device that was fetched was compromised. |
MobileIronCore.Device.common_SerialNumber | String | Device serial number of the device that was fetched. |
MobileIronCore.Device.common_mdm_managed | Boolean | Whether the device that was fetched is MDM managed. |
#
Command Example!mobileiron-core-get-device-by-serial device_serial=EXAMPLE
#
Context Example#
mobileiron-core-get-device-by-macGets a single device based on the device WiFi MAC address.
#
Base Commandmobileiron-core-get-device-by-mac
#
InputArgument Name | Description | Required |
---|---|---|
device_mac | MAC address of the device to fetch. | Required |
additional_fields | Comma-separated list of fields to query from the API. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
MobileIronCore.Device.common_model | String | Model of the device that was fetched. |
MobileIronCore.Device.common_os_version | String | Operating system version of the device that was fetched. |
MobileIronCore.Device.common_platform | String | Platform name of the device that was fetched. |
MobileIronCore.Device.common_status | String | Status of the device that was fetched. |
MobileIronCore.Device.common_imei | String | International Mobile Equipment Identity (IMEI) of the device that was fetched. |
MobileIronCore.Device.common_platform | String | Platform of the device that was fetched. |
MobileIronCore.Device.common_security_state | String | Security state of the device that was fetched. |
MobileIronCore.Device.user_display_name | String | Display name of the device that was fetched. |
MobileIronCore.Device.common_last_connected_at | Date | Date the device that was fetched was last connected. |
MobileIronCore.Device.common_uuid | String | Device UUID of the device that was fetched. |
MobileIronCore.Device.common_quarantined | Boolean | Whether the device was quarantined. |
MobileIronCore.Device.common_id | Number | ID of the device that was fetched. |
MobileIronCore.Device.common_imsi | String | International mobile subscriber identity (IMSI) of the device that was fetched. |
MobileIronCore.Device.common_owner | String | Owner of the device that was fetched. |
MobileIronCore.Device.user_email_address | String | User email address of the device that was fetched. |
MobileIronCore.Device.common_manufacturer | String | Manufacturer of the device that was fetched. |
MobileIronCore.Device.common_compliant | Boolean | Whether the device that was fetched is compliant. |
MobileIronCore.Device.user_user_id | String | User ID of the device that was fetched. |
MobileIronCore.Device.common_registration_date | Date | Registration date of the device that was fetched. |
MobileIronCore.Device.common_wifi_mac_address | String | WiFi MAC address of the device that was fetched. |
MobileIronCore.Device.common_noncompliance_reasons | String | Non-compliance reasons for the device that was fetched. |
MobileIronCore.Device.ios_iPhone_UDID | String | iPhone UDID of the device that was fetched. |
MobileIronCore.Device.ios_iPhone_MAC_ADDRESS_EN0 | String | IPhone MAC address EN0 of the device that was fetched. |
MobileIronCore.Device.ios_Current_MCC | String | Current MCC of the device that was fetched. |
MobileIronCore.Device.common_current_country_code | String | Current country code of the device that was fetched. |
MobileIronCore.Device.user_sam_account_name | String | SAM account name of the device that was fetched. |
MobileIronCore.Device.common_current_country_name | String | Current country nameCurrent country name of the device that was fetched. |
MobileIronCore.Device.common_home_country_name | String | Home country name of the device that was fetched. |
MobileIronCore.Device.common_home_country_code | String | Home country code of the device that was fetched. |
MobileIronCore.Device.common_device_is_compromised | Boolean | Whether the device that was fetched was compromised. |
MobileIronCore.Device.common_SerialNumber | String | Device serial number of the device that was fetched. |
MobileIronCore.Device.common_mdm_managed | Boolean | Whether the device that was fetched is MDM managed. |
#
Command Example!mobileiron-core-get-device-by-mac device_mac=EXAMPLE
#
Context Example#
mobileiron-core-get-device-by-ipGets a single device based on the device IP address.
#
Base Commandmobileiron-core-get-device-by-ip
#
InputArgument Name | Description | Required |
---|---|---|
device_ip | IP address of the device to fetch. | Required |
additional_fields | Comma-separated list of fields to query from the API. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
MobileIronCore.Device.common_model | String | Model of the device that was fetched. |
MobileIronCore.Device.common_os_version | String | Operating system version of the device that was fetched. |
MobileIronCore.Device.common_platform | String | Platform name of the device that was fetched. |
MobileIronCore.Device.common_status | String | Status of the device that was fetched. |
MobileIronCore.Device.common_imei | String | International Mobile Equipment Identity (IMEI) of the device that was fetched. |
MobileIronCore.Device.common_platform | String | Platform of the device that was fetched. |
MobileIronCore.Device.common_security_state | String | Security state of the device that was fetched. |
MobileIronCore.Device.user_display_name | String | Display name of the device that was fetched. |
MobileIronCore.Device.common_last_connected_at | Date | Date the device that was fetched was last connected. |
MobileIronCore.Device.common_uuid | String | Device UUID of the device that was fetched. |
MobileIronCore.Device.common_quarantined | Boolean | Whether the device was quarantined. |
MobileIronCore.Device.common_id | Number | ID of the device that was fetched. |
MobileIronCore.Device.common_imsi | String | International mobile subscriber identity (IMSI) of the device that was fetched. |
MobileIronCore.Device.common_owner | String | Owner of the device that was fetched. |
MobileIronCore.Device.user_email_address | String | User email address of the device that was fetched. |
MobileIronCore.Device.common_manufacturer | String | Manufacturer of the device that was fetched. |
MobileIronCore.Device.common_compliant | Boolean | Whether the device that was fetched is compliant. |
MobileIronCore.Device.user_user_id | String | User ID of the device that was fetched. |
MobileIronCore.Device.common_registration_date | Date | Registration date of the device that was fetched. |
MobileIronCore.Device.common_wifi_mac_address | String | WiFi MAC address of the device that was fetched. |
MobileIronCore.Device.common_noncompliance_reasons | String | Non-compliance reasons for the device that was fetched. |
MobileIronCore.Device.ios_iPhone_UDID | String | iPhone UDID of the device that was fetched. |
MobileIronCore.Device.ios_iPhone_MAC_ADDRESS_EN0 | String | IPhone MAC address EN0 of the device that was fetched. |
MobileIronCore.Device.ios_Current_MCC | String | Current MCC of the device that was fetched. |
MobileIronCore.Device.common_current_country_code | String | Current country code of the device that was fetched. |
MobileIronCore.Device.user_sam_account_name | String | SAM account name of the device that was fetched. |
MobileIronCore.Device.common_current_country_name | String | Current country nameCurrent country name of the device that was fetched. |
MobileIronCore.Device.common_home_country_name | String | Home country name of the device that was fetched. |
MobileIronCore.Device.common_home_country_code | String | Home country code of the device that was fetched. |
MobileIronCore.Device.common_device_is_compromised | Boolean | Whether the device that was fetched was compromised. |
MobileIronCore.Device.common_SerialNumber | String | Device serial number of the device that was fetched. |
MobileIronCore.Device.common_mdm_managed | Boolean | Whether the device that was fetched is MDM managed. |
#
Command Example!mobileiron-core-get-device-by-ip device_id=IP