
Zimperium v2

This Integration is part of the Zimperium Pack.

Supported versions

Supported Cortex XSOAR versions: 6.9.0 and later.

Fetch and investigate mobile security alerts generated from anomalous or unauthorized activity detected on a user's mobile device. This integration was integrated and tested with version v5.24.0 of Zimperium v2.

This is the default integration for this content pack when configured by the Data Onboarder in Cortex XSIAM.

Some changes have been made that might affect your existing content. If you are upgrading from a previous version of this integration, see Breaking Changes.

Configure Zimperium v2 in Cortex

| Parameter | Description | Required |
| --- | --- | --- |
| Server URL (e.g., https://mtduat.zimperium.com) | | True |
| Client ID | | True |
| Client Secret | | True |
| Fetch incidents | | False |
| Search Params (e.g., severityName=CRITICAL,teamId=myId) | Comma-separated list of search parameters and their values, using the same syntax as the search_params argument of the zimperium-threat-search command. | False |
| Max fetch | | False |
| First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days) | | False |
| Advanced: Minutes to look back when fetching | How many minutes before the last run time to search. Use it to pick up incidents that were created before the last run but did not match the query at that time. | False |
| Trust any certificate (not secure) | Disables TLS certificate verification for the Zimperium API connection. Leave it off outside of lab setups. | False |
| Use system proxy settings | | False |
| Incident type | | |
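The look-back parameter above only makes sense together with a memory of which threat IDs have already become incidents; otherwise re-reading the window creates duplicates. The following is an added illustration, not the integration's own fetch code: two consecutive fetch runs over constructed threat records (epoch-millisecond timestamps, as in the context examples on this page), once with no look-back and once with fifteen minutes of look-back. The record shapes, the `found` bookkeeping and the `only_critical` stand-in for the Search Params filter are assumptions made for the example.

```python
"""Added example: look-back window plus ID memory in a fetch-incidents loop.
Not the Zimperium v2 integration's code; all threats below are constructed."""

MINUTE_MS = 60 * 1000
T0 = 1702393165000  # 2023-12-12 14:59:25 UTC, the timestamp from the page's threat example

# Constructed threats visible at the first run.
THREATS_AT_RUN1 = [
    {"id": "t1", "timestamp": T0, "severityName": "CRITICAL"},
    {"id": "t2", "timestamp": T0 + 5 * MINUTE_MS, "severityName": "LOW"},
]
# Constructed threat timestamped before run 1 that only becomes visible (or only
# starts matching the query) after run 1 has already happened.
LATE_THREAT = {"id": "t3", "timestamp": T0 + 2 * MINUTE_MS, "severityName": "CRITICAL"}


def only_critical(threat):
    """Stand-in for a configured Search Params filter such as severityName=CRITICAL."""
    return threat.get("severityName") == "CRITICAL"


def fetch_incidents(threats, last_run, first_fetch_ms, now_ms, look_back_minutes, match):
    """One fetch cycle. last_run carries the previous run time and the IDs already
    turned into incidents (id -> timestamp); returns (incidents, new last_run)."""
    look_back_ms = look_back_minutes * MINUTE_MS
    last_time = last_run.get("time", first_fetch_ms)
    seen = dict(last_run.get("found", {}))
    window_start = last_time - look_back_ms
    fresh = sorted(
        (t for t in threats
         if window_start <= t["timestamp"] <= now_ms and match(t) and t["id"] not in seen),
        key=lambda t: t["timestamp"],
    )
    incidents = [
        {"name": f"Zimperium threat {t['id']}", "occurred": t["timestamp"], "rawJSON": t}
        for t in fresh
    ]
    seen.update({t["id"]: t["timestamp"] for t in fresh})
    # Only IDs that the next run's look-back window can see again need remembering.
    keep = {i: ts for i, ts in seen.items() if ts >= now_ms - look_back_ms}
    return incidents, {"time": now_ms, "found": keep}


def simulate(look_back_minutes):
    """Two consecutive runs ten minutes apart; returns the incident IDs from each run."""
    first_fetch = T0 - MINUTE_MS
    run1, state = fetch_incidents(THREATS_AT_RUN1, {}, first_fetch,
                                  T0 + 10 * MINUTE_MS, look_back_minutes, only_critical)
    run2, _ = fetch_incidents(THREATS_AT_RUN1 + [LATE_THREAT], state, first_fetch,
                              T0 + 20 * MINUTE_MS, look_back_minutes, only_critical)
    return [i["rawJSON"]["id"] for i in run1], [i["rawJSON"]["id"] for i in run2]


if __name__ == "__main__":
    print("look-back 0 min :", simulate(0))    # t3 is never fetched
    print("look-back 15 min:", simulate(15))   # t3 is caught, t1 is not duplicated
```

With no look-back the second run's window starts at the first run's time, so the late threat is silently lost; with look-back the window reaches back far enough, and the remembered IDs stop `t1` from becoming a second incident.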

Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

zimperium-users-search


Search users. Only a user created as a "Team admin" is authorized to perform this request, and the results are limited to the teams that user is associated with. Users that are not part of any team (such as an account admin) do not appear in the response.

Base Command

zimperium-users-search

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user_id | The ID of the user to search for. | Optional |
| page_size | Maximum number of results to retrieve in each page. If a limit is not provided, default is 50. | Optional |
| page | Page number. Default is 0. | Optional |
| limit | Number of total results to return. Default is 50. | Optional |
| team_id | Filter users by the team they belong to. | Optional |
| email | The email address of the user to search for. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Zimperium.User.id | String | The ID of the Zimperium user. |
| Zimperium.User.created | Date | The date and time that the user was created. |
| Zimperium.User.email | String | The email address of the user. |
| Zimperium.User.firstName | String | The first name of the user. |
| Zimperium.User.languagePreference | Unknown | The language preference of the user. |
| Zimperium.User.lastLogin | Unknown | The time of the user's last login. |
| Zimperium.User.lastName | String | The last name of the user. |
| Zimperium.User.middleName | Unknown | The middle name of the user. |
| Zimperium.User.modified | Date | The date and time that the user was last modified. |
| Zimperium.User.notificationEmail | String | The email address used for the user's notifications. |
| Zimperium.User.phone | Unknown | The phone number of the user. |
| Zimperium.User.role.id | String | The role identifier of the user. |
| Zimperium.User.role.name | String | The role name of the user. |
| Zimperium.User.role.scopeBounds | String | The scope bounds of the user's role. |
| Zimperium.User.teams.id | String | The ID of a team the user belongs to. |
| Zimperium.User.teams.name | String | The name of a team the user belongs to. |
| Zimperium.User.validated | Boolean | Whether the user has been validated. |

Command example

!zimperium-users-search user_id="1" team_id="1"

Context Example

{
"Zimperium": {
"User": {
"created": "2024-01-21T11:02:08.789+00:00",
"email": "email1@email.com",
"firstName": "name",
"id": "1",
"languagePreference": null,
"lastLogin": null,
"lastName": "name",
"middleName": null,
"modified": "2024-01-21T11:02:08.789+00:00",
"notificationEmail": "email1@email.com",
"phone": null,
"role": {
"id": "1",
"name": "Team Admin",
"scopeBounds": "TEAM_BOUNDED"
},
"teams": [
{
"id": "1",
"name": "Default"
}
],
"validated": false
}
}
}

Human Readable Output

Users Search Results

| Id | First Name | Last Name | Email | Created | Role | Teams |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | name | name | email1@email.com | 2024-01-21T11:02:08.789+00:00 | scopeBounds: TEAM_BOUNDED, name: Team Admin, id: 1 | {'name': 'Default', 'id': '1'} |

zimperium-devices-search


Search devices.

Base Command

zimperium-devices-search

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| device_id | The ID of the device to search for. | Optional |
| page_size | Maximum number of results to retrieve in each page. If a limit is not provided, default is 50. | Optional |
| page | Page number. Default is 0. | Optional |
| limit | Number of total results to return. Default is 50. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Zimperium.Device.accountId | String | The account identifier of the device. |
| Zimperium.Device.activationName | String | The activation name of the device. |
| Zimperium.Device.additionalDeviceInfo | Unknown | Additional device information. |
| Zimperium.Device.agentType | Number | The agent type of the device. |
| Zimperium.Device.appStatus | String | The app status. |
| Zimperium.Device.appVersions | Unknown | The app versions installed on the device. |
| Zimperium.Device.appVersions.appVersionId | String | The app version ID. |
| Zimperium.Device.appVersions.bundleId | String | The bundle identifier of the app version. |
| Zimperium.Device.bundleId | Unknown | The bundle identifier of the device. |
| Zimperium.Device.created | Date | The date and time that the device was created. |
| Zimperium.Device.deleted | Boolean | Whether the device was deleted. |
| Zimperium.Device.developerOptionsOn | Boolean | Whether developer options are enabled on the device. |
| Zimperium.Device.deviceOwner.email | String | The email address of the device owner. |
| Zimperium.Device.dormancyProcessed | Boolean | Whether dormancy processing has run for the device. |
| Zimperium.Device.fullType | String | The device's full type. |
| Zimperium.Device.groupId | String | The device group identifier. |
| Zimperium.Device.id | String | The unique identifier of the device. |
| Zimperium.Device.isJailbroken | Boolean | Whether the device is jailbroken (or rooted). |
| Zimperium.Device.lastSeen | Date | The time when the device was last seen. |
| Zimperium.Device.lockScreenUnprotected | Boolean | Whether the device's lock screen is unprotected. |
| Zimperium.Device.model | String | The model of the device. |
| Zimperium.Device.os.id | Number | The operating system identifier of the device. |
| Zimperium.Device.os.maxOsPatchDate | String | The latest operating system patch date available for the device. |
| Zimperium.Device.os.maxOsVersion | String | The latest operating system version available for the device. |
| Zimperium.Device.os.name | String | The operating system name. |
| Zimperium.Device.os.osVersionId | Number | The operating system version identifier of the device. |
| Zimperium.Device.os.patchDate | Date | The operating system patch date of the device. |
| Zimperium.Device.os.policyCompliant | Boolean | Whether the device's operating system is compliant with the policy. |
| Zimperium.Device.os.type | String | The operating system type of the device. |
| Zimperium.Device.os.version | String | The operating system version of the device. |
| Zimperium.Device.os.versionUpgradeable | Boolean | Whether the device's operating system version can be upgraded. |
| Zimperium.Device.processed | Boolean | Whether the device has been processed. |
| Zimperium.Device.processedAt | Date | The date and time that the device was processed. |
| Zimperium.Device.riskPosture | Number | The risk posture of the device. |
| Zimperium.Device.riskPostureName | String | The risk posture name of the device. |
| Zimperium.Device.teamId | String | The team ID of the device. |
| Zimperium.Device.teamName | String | The team name of the device. |
| Zimperium.Device.threatState | Unknown | The threat state of the device (counts and IDs of critical and risky threats). |
| Zimperium.Device.threatState.numberOfCriticalThreats | Number | The number of critical threats detected on the device. |
| Zimperium.Device.zappInstance.agentType | Number | The agent type of the zappInstance. |
| Zimperium.Device.zappInstance.buildNumber | String | The build number of the zappInstance. |
| Zimperium.Device.zappInstance.bundleId | String | The bundle identifier of the zappInstance. |
| Zimperium.Device.zappInstance.groupId | String | The Zimperium device group identifier of the zappInstance. |
| Zimperium.Device.zappInstance.id | String | The ID of the zappInstance. |
| Zimperium.Device.zappInstance.lastSeen | Date | The last seen timestamp of the zappInstance. |
| Zimperium.Device.zappInstance.name | String | The name of the zappInstance. |
| Zimperium.Device.zappInstance.permissionsState | Unknown | The permissions state of the zappInstance on the device. |
| Zimperium.Device.zappInstance.policiesInfo | Unknown | The policies deployed to the zappInstance (type, hash, deployedAt, downloadedAt). |
| Zimperium.Device.zappInstance.version | String | The version of the zappInstance. |
| Zimperium.Device.zappInstance.zappId | String | The zapp ID of the zappInstance. |
| Zimperium.Device.zappInstance.zbuildNumber | String | The Zimperium build number of the zappInstance. |
| Zimperium.Device.zappInstance.zversion | String | The Zimperium version of the zappInstance. |
| Zimperium.Device.zdeviceId | String | The zdevice ID. |

Command example

!zimperium-devices-search device_id="5"

Context Example

{
"Zimperium": {
"Device": {
"accountId": "2",
"additionalDeviceInfo": [],
"agentType": 2,
"appStatus": "ACTIVE",
"appVersions": [],
"bundleId": "com.zimperium",
"created": 1703082619686,
"deleted": false,
"developerOptionsOn": true,
"deviceOwner": {
"email": "email"
},
"dormancyProcessed": false,
"fullType": "iPhone14,5",
"groupId": "1",
"id": "5",
"lastSeen": 1703083587626,
"lockScreenUnprotected": true,
"model": "iphone145",
"os": {
"id": 2,
"maxOsVersion": "17.2",
"name": "ios",
"osVersionId": 57106,
"policyCompliant": false,
"type": "iOS",
"version": "16.3",
"versionUpgradeable": true
},
"processed": true,
"processedAt": 1703082624526,
"riskPosture": 2,
"riskPostureName": "ELEVATED",
"teamId": "1",
"teamName": "Default",
"threatState": {
"addOrRemoveCritical": false,
"addOrRemoveRisky": false,
"criticalThreats": [],
"hadCriticalMitigation": false,
"hadRiskyMitigation": false,
"numberOfRiskyThreats": 5,
"riskyThreats": [
"5"
]
},
"zappInstance": [
{
"agentType": 2,
"buildNumber": "202",
"bundleId": "com.zimperium",
"externalTrackingId1": "",
"externalTrackingId2": "",
"groupId": "1",
"id": "3",
"lastSeen": 1703083587626,
"name": "MTD",
"policiesInfo": [
{
"deployedAt": 1702300970000,
"downloadedAt": 1703082621000,
"hash": "0d",
"type": "Threat iOS"
}
],
"serverlessDetection": false,
"version": "5.2.16",
"zappId": "c2",
"zbuildNumber": "202",
"zversion": "5.2.16"
}
],
"zdeviceId": "AF"
}
}
}

Human Readable Output

Device Search Results

| Risk Posture Name | Id | Model | Os | Bundle Id | Last Seen |
| --- | --- | --- | --- | --- | --- |
| ELEVATED | 5 | iphone145 | id: 2, name: ios, type: iOS, version: 16.3, versionUpgradeable: true, maxOsVersion: 17.2, osVersionId: 57106, policyCompliant: false | com.zimperium | 2023-12-20 14:46:27 |
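The device record above carries several posture signals that an analyst normally reads by hand: an unprotected lock screen, developer options on, a non-compliant OS version with an upgrade available, five open risky threats, and an epoch-millisecond lastSeen that the human-readable output renders as UTC. The following added example (not code from the integration or from Zimperium) turns such a Zimperium.Device entry into a triage verdict. The sample record is copied from the context example on this page; the verdict thresholds, the "escalate/review/ok" vocabulary and the staleness cut-off are assumptions for the example.

```python
"""Added example: triage of a Zimperium.Device context entry. Not the integration's code."""
from datetime import datetime, timezone

# Subset of the device record shown in the page's context example.
SAMPLE_DEVICE = {
    "id": "5",
    "model": "iphone145",
    "developerOptionsOn": True,
    "lockScreenUnprotected": True,
    "lastSeen": 1703083587626,
    "riskPosture": 2,
    "riskPostureName": "ELEVATED",
    "os": {"name": "ios", "version": "16.3", "maxOsVersion": "17.2",
           "policyCompliant": False, "versionUpgradeable": True},
    "threatState": {"criticalThreats": [], "numberOfRiskyThreats": 5, "riskyThreats": ["5"]},
}


def epoch_ms_to_str(ms):
    """Render an epoch-millisecond timestamp the way the human-readable output does (UTC)."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def triage_device(device, now_ms, stale_after_days=30):
    """Collect posture findings and map them to an assumed escalate/review/ok verdict."""
    os_info = device.get("os") or {}
    threat_state = device.get("threatState") or {}
    findings = []
    if device.get("isJailbroken"):
        findings.append("device is jailbroken or rooted")
    if device.get("lockScreenUnprotected"):
        findings.append("lock screen is unprotected")
    if device.get("developerOptionsOn"):
        findings.append("developer options are enabled")
    if os_info.get("policyCompliant") is False:
        findings.append(f"OS {os_info.get('version')} is not policy compliant "
                        f"(latest available: {os_info.get('maxOsVersion')})")
    # The API exposes both a count and a list; prefer the count, fall back to the list.
    critical = threat_state.get("numberOfCriticalThreats") or len(threat_state.get("criticalThreats") or [])
    risky = threat_state.get("numberOfRiskyThreats") or len(threat_state.get("riskyThreats") or [])
    if critical:
        findings.append(f"{critical} critical threat(s) open")
    if risky:
        findings.append(f"{risky} risky threat(s) open")
    last_seen = device.get("lastSeen")
    # A device that has not checked in for a month cannot be trusted to report its state.
    stale = last_seen is not None and now_ms - last_seen > stale_after_days * 86400 * 1000
    posture = device.get("riskPostureName")
    if critical or device.get("isJailbroken") or posture == "CRITICAL":
        verdict = "escalate"
    elif findings or posture == "ELEVATED":
        verdict = "review"
    else:
        verdict = "ok"
    return {
        "id": device.get("id"),
        "verdict": verdict,
        "findings": findings,
        "last_seen": epoch_ms_to_str(last_seen) if last_seen else None,
        "stale": stale,
    }


if __name__ == "__main__":
    one_day_later = SAMPLE_DEVICE["lastSeen"] + 86400 * 1000
    print(triage_device(SAMPLE_DEVICE, now_ms=one_day_later))
```

The same function applied to a Zimperium.Threat.device sub-object would only see the model and OS fields, so run it on the output of zimperium-devices-search rather than on the device embedded in a threat.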

zimperium-report-get


Gets the JSON analysis report for an app version.

Base Command

zimperium-report-get

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| importance | The importance level of the findings to return. Possible values are: Low, Medium, High, All. Default is High. | Optional |
| app_version_id | The ID of the app version for which to get a JSON report. Can be retrieved using the zimperium-app-version-list command, in the field "Zimperium.AppVersion.id". | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Zimperium.Report.ContentInformation | String | The content information of the report. |
| Zimperium.Report.glob | Number | The glob value of the Zimperium report. |
| Zimperium.Report.platform | String | The platform on which the report was created. |
| Zimperium.Report.report.androidAnalysis | String | The Android analysis of the report. |
| Zimperium.Report.report.appProperties | String | The app properties (name, package, size, hashes, version). |
| Zimperium.Report.report.certificate | String | The signing certificate (fingerprints, issuer, owner). |
| Zimperium.Report.report.communications | String | The communications. |
| Zimperium.Report.report.contentInformation | String | The content information of the report. |
| Zimperium.Report.report.distribution | String | The report distribution (market data). |
| Zimperium.Report.report.jsonVersion | String | The JSON schema version of the report. |
| Zimperium.Report.report.riskProfile | String | The risk profile (malware verdict, overall, privacy and security risk). |
| Zimperium.Report.report.scanDetails | Unknown | The individual scan findings of the report. |
| Zimperium.Report.report.scanVersion | Unknown | The scan version of the Zimperium report. |
| Zimperium.Report.report.vulnerabilities | Unknown | The vulnerabilities found in the report. |
| Zimperium.Report.result | Number | The Zimperium report result. |

Command example

!zimperium-report-get app_version_id="61" importance="Low"

Context Example

{
"Zimperium": {
"Report": {
"ContentInformation": "Copyright 2024 Zimperium",
"glob": 1,
"platform": "android",
"report": {
"androidAnalysis": {},
"appProperties": {
"extra": {
"itunesAppID": ""
},
"md5": "1",
"name": "Name",
"packageName": "com.url",
"packageSize": 101918436,
"platform": "android",
"sdkVersion": 22,
"sha1": "1",
"sha256": "1",
"version": "2.12.0",
"versionCode": "1"
},
"certificate": {
"SHA1 fingerprint": "1",
"SHA256 fingerprint": "1",
"issuer": {
"CN": "CN",
"O": "O"
},
"owner": {
"CN": "CN",
"O": "O"
}
},
"contentInformation": {
"copyright": "Copyright 2024 Zimperium"
},
"distribution": {
"marketData": []
},
"jsonVersion": "https://json-schema.org/draft/2020-12/schema",
"riskProfile": {
"malwareDetection": "",
"malwareFamily": "",
"malwareName": "",
"overallRisk": "High",
"privacyRisk": 30,
"securityRisk": 79
},
"scanDetails": [
{
"compliance": [],
"description": "The app is using unity",
"importance": "Low",
"kind": "Code Analysis",
"location": [],
"riskType": "security"
}
],
"scanVersion": {
"dynamicScan": false,
"ruleVersion": "1",
"scanDateTime": "2023-12-19T18:49:01+0000",
"scanEngine": "2.6.7",
"scanSucces": "Done",
"scanTargetOS": "android",
"scoreDateTime": "2023-12-19T18:49:00+0000"
},
"vulnerabilities": {}
},
"result": 1
}
}
}

Human Readable Output

Report

| Risk Type | Kind | Description | Location | Importance |
| --- | --- | --- | --- | --- |
| security | Code Analysis | The app is using unity | | Low |
| privacy | Capabilities | This app implements the SDK. This SDK has functionality that could create screenshots or screen recordings and potentially send them off device to an external resource. | com.sdk | Low |
| privacy | Backup | This app has disabled the backup feature in Android. This can assist in protecting sensitive information from being exposed in the backup location. | | Low |

zimperium-threat-search


Search threats. The same search syntax is used by the Search Params integration parameter when fetching incidents.

Base Command

zimperium-threat-search

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| after | The date after which the threat occurred. | Required |
| before | The date before which the threat occurred. | Optional |
| search_params | A comma-separated list of parameters and their values by which to filter the request. For example: 'device.os.version=7.1.1,vectorName=Device'. The parameters table is available under the "Threat API Details" section in the "Threats" section of the Zimperium API documentation, or on the website at https://mtduat.zimperium.com/ziap-docs/zips-docs/api/api_details_threat.html#optional-search-parameters-supported. | Optional |
| team_id | Filter threats by the team they belong to. | Optional |
| os | Filter by the operating system. Possible values are: ios, android. | Optional |
| severity | The severity of the threat. Possible values are: LOW, NORMAL, ELEVATED, CRITICAL. | Optional |
| page_size | Maximum number of results to retrieve in each page. If a limit is not provided, default is 50. | Optional |
| page | Page number. Default is 0. | Optional |
| limit | Number of total results to return. Default is 50. | Optional |
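Two things in the argument tables on this page are easy to get wrong in a playbook: the `search_params` string (a value may legitimately contain an `=`, so splitting on every `=` corrupts it) and the interplay of `page`, `page_size` and `limit`, which appears in the same form in zimperium-users-search, zimperium-devices-search and the other list commands. The following added example, not the integration's own code, parses a search string into a query, merges the explicit `team_id`/`os`/`severity` arguments onto it, and walks pages until `limit` results are collected. The endpoint is a constructed stand-in; the field names it merges onto (teamId, os, severityName) follow this page's own examples, and the rule that an explicit argument overrides the same field in search_params is an assumption.

```python
"""Added example: search_params parsing and page/page_size/limit pagination.
Not the Zimperium v2 integration's code; the endpoint below is a constructed stand-in."""


def parse_search_params(raw):
    """Parse 'key=value,key=value' into a dict. Splits each item on its first '=' only,
    so a value may itself contain '='; blank items are ignored."""
    params = {}
    for item in (raw or "").split(","):
        item = item.strip()
        if not item:
            continue
        key, sep, value = item.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"search parameter {item!r} must be key=value")
        params[key.strip()] = value.strip()
    return params


def build_query(search_params="", team_id=None, os=None, severity=None):
    """Merge explicit arguments into the parsed search parameters. Field names follow the
    page's examples (teamId, os, severityName); explicit arguments win (assumed)."""
    query = parse_search_params(search_params)
    for field, value in (("teamId", team_id), ("os", os), ("severityName", severity)):
        if value is not None:
            query[field] = value
    return query


def paginate(fetch_page, page=0, page_size=50, limit=50):
    """Request page_size items per call starting at page; stop once limit items are
    collected or a page comes back short, which means the server has no more."""
    results = []
    while len(results) < limit:
        batch = fetch_page(page, page_size)
        results.extend(batch)
        if len(batch) < page_size:
            break
        page += 1
    return results[:limit]


# Constructed stand-in for the threats endpoint: 120 fake records, none from the page.
FAKE_THREATS = [
    {"id": str(i), "severityName": "CRITICAL" if i % 4 == 0 else "LOW",
     "teamId": "33", "os": "android"}
    for i in range(120)
]


def fake_threats_endpoint(query, page, page_size):
    """Exact-match filter on every query field, then slice out the requested page."""
    matching = [t for t in FAKE_THREATS if all(str(t.get(k)) == v for k, v in query.items())]
    return matching[page * page_size:(page + 1) * page_size]


def search_threats(search_params="", team_id=None, os=None, severity=None,
                   page=0, page_size=50, limit=50, endpoint=fake_threats_endpoint):
    """The shape a command handler takes: build the query once, then page through it."""
    query = build_query(search_params, team_id, os, severity)
    return paginate(lambda p, n: endpoint(query, p, n), page, page_size, limit)


if __name__ == "__main__":
    print(build_query("device.os.version=7.1.1,vectorName=Device", team_id="33"))
    print([t["id"] for t in search_threats(severity="CRITICAL", team_id="33", limit=10, page_size=4)])
```

Because `paginate` stops on the first short page, a `limit` larger than the number of matching records returns everything without issuing an extra empty request.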

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Zimperium.Threat.id | String | The ID of the threat. |
| Zimperium.Threat.accountId | String | The account identifier of the threat. |
| Zimperium.Threat.activationName | String | The activation name of the threat. |
| Zimperium.Threat.agentType | Number | The agent type for the threat. |
| Zimperium.Threat.arpTablesInfo | Unknown | The ARP table information captured for the threat (before/after entries). |
| Zimperium.Threat.categoryId | Number | The category of the threat. |
| Zimperium.Threat.classification | Number | The classification of the threat. |
| Zimperium.Threat.classificationName | String | The classification name of the threat. |
| Zimperium.Threat.detectionFiles | Unknown | The threat detection files. |
| Zimperium.Threat.device.id | String | The unique identifier of the device. |
| Zimperium.Threat.device.mamDeviceId | String | The mobile application management (MAM) ID of the device. |
| Zimperium.Threat.device.mdmDeviceId | String | The mobile device management (MDM) ID of the device. |
| Zimperium.Threat.device.model | String | The model of the device the threat was detected on. |
| Zimperium.Threat.device.os.id | Number | The operating system identifier of the device the threat was detected on. |
| Zimperium.Threat.device.os.name | String | The operating system name of the device. |
| Zimperium.Threat.device.os.version | String | The operating system version of the device. |
| Zimperium.Threat.device.zdeviceId | String | The zDevice ID of the device. |
| Zimperium.Threat.deviceId | String | The unique identifier of the device the threat was detected on. |
| Zimperium.Threat.deviceOwner | String | The owner of the device. |
| Zimperium.Threat.eventProcessedTimestamp | Date | The timestamp when the threat event was processed. |
| Zimperium.Threat.eventReceivedTimestamp | Date | The timestamp when the threat event was received. |
| Zimperium.Threat.generalInfo.actionTriggered | String | The action triggered for the threat. |
| Zimperium.Threat.generalInfo.bssid | String | The Basic Service Set Identifier (BSSID) associated with the threat. |
| Zimperium.Threat.generalInfo.deviceTimestamp | Date | The timestamp reported by the device. |
| Zimperium.Threat.generalInfo.expectedOsVersion | String | The expected operating system version for the threat. |
| Zimperium.Threat.generalInfo.jailbreakReasons | String | The jailbreak reasons for the threat. |
| Zimperium.Threat.generalInfo.ssid | String | The service set identifier (SSID) associated with the threat. |
| Zimperium.Threat.generalInfo.timeInterval | Number | The time interval for the threat. |
| Zimperium.Threat.generalInfo.vulnerableOsVersion | String | The vulnerable operating system version for the threat. |
| Zimperium.Threat.generalInfo.vulnerableSecurityPatch | String | The vulnerable security patch level of the device. |
| Zimperium.Threat.groupId | String | The ID of the threat group. |
| Zimperium.Threat.lastModified | Date | The time the threat was last modified. |
| Zimperium.Threat.locationInfo.geoPoint.lat | Number | The latitude of the geoPoint. |
| Zimperium.Threat.locationInfo.geoPoint.lon | Number | The longitude of the geoPoint. |
| Zimperium.Threat.locationInfo.source | String | The source of the threat's location information. |
| Zimperium.Threat.mitigatedAt | Date | The date when the threat was mitigated. |
| Zimperium.Threat.mitigationEvents | Unknown | The mitigation events for the threat. |
| Zimperium.Threat.nearByNetworks | Unknown | The nearby networks for the threat. |
| Zimperium.Threat.networkStatistics | Unknown | The network statistics for the threat. |
| Zimperium.Threat.os | String | The operating system. |
| Zimperium.Threat.policiesInfo.deployedAt | Date | The date that the policy was deployed. |
| Zimperium.Threat.policiesInfo.downloadedAt | Date | The date when the policy was downloaded. |
| Zimperium.Threat.policiesInfo.hash | String | The hash of the policy. |
| Zimperium.Threat.policiesInfo.type | String | The policy type. |
| Zimperium.Threat.processList.parentProcessId | String | The parent process ID of a process in the threat's process list. |
| Zimperium.Threat.processList.processId | String | The process ID of a process in the threat's process list. |
| Zimperium.Threat.processList.processName | String | The process name. |
| Zimperium.Threat.processList.service | String | The service associated with the process. |
| Zimperium.Threat.processList.user | String | The user the process runs as. |
| Zimperium.Threat.responses.eventId | String | The unique identifier of an event in the threat response. |
| Zimperium.Threat.responses.responseId | Number | The response identifier of a threat response. |
| Zimperium.Threat.responses.timestamp | Date | The timestamp of the threat response. |
| Zimperium.Threat.runningServices | Unknown | The running services. |
| Zimperium.Threat.severity | Number | The severity of the threat. |
| Zimperium.Threat.severityName | String | The severity name of the threat. |
| Zimperium.Threat.simulated | Boolean | Whether the threat is simulated. |
| Zimperium.Threat.state | Number | The threat state. |
| Zimperium.Threat.suspiciousUrlInfo | Unknown | The suspicious URL information. |
| Zimperium.Threat.teamId | String | The ID of the team the threat belongs to. |
| Zimperium.Threat.teamName | String | The name of the team the threat belongs to. |
| Zimperium.Threat.threatTypeId | Number | The threat type identifier. |
| Zimperium.Threat.threatTypeName | String | The threat type name. |
| Zimperium.Threat.timestamp | Date | The timestamp of the threat. |
| Zimperium.Threat.timestampInfo | Unknown | The timestamp information of the threat (rounded to day, hour, minute, second). |
| Zimperium.Threat.vector | Number | The threat vector. |
| Zimperium.Threat.vectorName | String | The vector name of the threat. |
| Zimperium.Threat.zappId | String | The Zimperium app identifier of the threat. |
| Zimperium.Threat.zappInstance | Unknown | The zapp instance information of the threat. |
| Zimperium.Threat.zappInstanceId | String | The zapp instance ID of the threat. |
| Zimperium.Threat.zeventId | String | The Zimperium event identifier of the threat. |

Command example

!zimperium-threat-search after="3 month" team_id="33" limit=1

Context Example

{
"Zimperium": {
"Threat": {
"accountId": "25",
"activationName": "user@email.com",
"agentType": 2,
"arpTablesInfo": {
"before": [
{
"ip": "1.1.1.1",
"mac": "1.1.1.1"
}
]
},
"categoryId": 15,
"classification": 1,
"classificationName": "CRITICAL",
"detectionFiles": [],
"device": {
"id": "6",
"mamDeviceId": "",
"mdmDeviceId": "",
"model": "ONEPLUS A5000",
"os": {
"id": 1,
"name": "ANDROID",
"version": "7.1.1"
},
"zdeviceId": "5"
},
"deviceId": "6",
"deviceOwner": "user@email.com",
"eventProcessedTimestamp": 1702393167374,
"eventReceivedTimestamp": 1702393167359,
"generalInfo": {
"actionTriggered": "Silent Alert",
"deviceTimestamp": 1702393165000,
"jailbreakReasons": "SELinux disabled",
"timeInterval": 8
},
"groupId": "37",
"id": "d7",
"lastModified": 1702393165000,
"mitigationEvents": [],
"nearByNetworks": [],
"networkStatistics": [],
"os": "android",
"policiesInfo": [
{
"deployedAt": 1701806956000,
"downloadedAt": 1702393157000,
"type": "App Policy Android v2"
}
],
"processList": [
{
"parentProcessId": "1585",
"processId": "7839",
"processName": "com.zimperium",
"service": "n/a",
"user": "1"
}
],
"responses": [
{
"eventId": "1",
"responseId": 3,
"timestamp": 1702393165000
}
],
"runningServices": [],
"severity": 3,
"severityName": "CRITICAL",
"simulated": false,
"state": 1,
"suspiciousUrlInfo": {},
"teamId": "33",
"teamName": "Default",
"threatTypeId": 37,
"threatTypeName": "SYSTEM TAMPERING",
"timestamp": 1702393165000,
"timestampInfo": {
"timestamp": 1702393165000,
"toTheDay": 1702339200000,
"toTheHour": 1702389600000,
"toTheMinute": 1702393140000,
"toTheSecond": 1702393165000
},
"vector": 2,
"vectorName": "Device",
"zappId": "40",
"zappInstance": {
"buildNumber": "230829190",
"bundleId": "com.zimperium",
"id": "63",
"name": "MTD",
"version": "5.2.14",
"zbuildNumber": "23082919",
"zversion": "5.2.14"
},
"zappInstanceId": "63",
"zeventId": "a1"
}
}
}

Human Readable Output

Threat Search Result

| Id | Severity Name | State | Vector Name | Threat Type Name | Os | Device Owner | Device Id | Team Name | Timestamp |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| d7 | CRITICAL | 1 | Device | SYSTEM TAMPERING | android | user@email.com | 6 | Default | 2023-12-12 14:59:25 |

zimperium-app-version-list


List the app versions.

Base Command

zimperium-app-version-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| bundle_id | The bundle ID of the app whose versions to list. | Optional |
| page_size | Maximum number of results to retrieve in each page. If a limit is not provided, default is 50. | Optional |
| page | Page number. Default is 0. | Optional |
| limit | Number of total results to return. Default is 50. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Zimperium.AppVersion.id | String | The ID of the app version. |
| Zimperium.AppVersion.accountId | String | The account identifier of the app version. |
| Zimperium.AppVersion.bundleId | String | The bundle identifier of the app version. |
| Zimperium.AppVersion.classification | String | The classification of the app version. |
| Zimperium.AppVersion.created | Date | When the app version was created. |
| Zimperium.AppVersion.developerName | String | The developer name of the app version. |
| Zimperium.AppVersion.developerSignature | String | The developer signature of the app version. |
| Zimperium.AppVersion.filename | String | The filename of the app version. |
| Zimperium.AppVersion.hash | String | The hash of the app version. |
| Zimperium.AppVersion.managed | Boolean | Whether the app version is managed. |
| Zimperium.AppVersion.name | String | The name of the app version. |
| Zimperium.AppVersion.platform | String | The platform of the app version. |
| Zimperium.AppVersion.platformId | Number | The platform identifier of the app version. |
| Zimperium.AppVersion.privacy | String | The privacy rating of the app version. |
| Zimperium.AppVersion.privacyRisk | Number | The privacy risk score of the app version. |
| Zimperium.AppVersion.processState | String | The processing state of the app version. |
| Zimperium.AppVersion.reportRequestId | String | The report request ID of the app version. |
| Zimperium.AppVersion.riskVersion | String | The risk version of the app version. |
| Zimperium.AppVersion.security | String | The security rating of the app version. |
| Zimperium.AppVersion.securityRisk | Number | The security risk score of the app version. |
| Zimperium.AppVersion.source | String | The source of the app version. |
| Zimperium.AppVersion.updatedOn | Date | The date and time when the app version was updated. |
| Zimperium.AppVersion.version | String | The version string of the app version. |

Command example

!zimperium-app-version-list bundle_id="com.url"

Context Example

{
"Zimperium": {
"AppVersion": [
{
"accountId": "2",
"bundleId": "com.url",
"classification": "LEGIT",
"created": 1702304668599,
"hash": "E3",
"id": "7",
"name": "Name",
"platform": "android",
"platformId": 1,
"privacy": "Low",
"privacyRisk": 30,
"processState": "AVAILABLE",
"reportRequestId": "E3",
"riskVersion": "2.12.0",
"security": "High",
"securityRisk": 79,
"source": "UPLOAD",
"updatedOn": 1702308488217,
"version": "2.12.0"
},
{
"accountId": "2",
"bundleId": "com.url",
"classification": "LEGIT",
"created": 1702305485276,
"developerName": "TShih",
"developerSignature": "02",
"filename": "/tmp/sample",
"hash": "04",
"id": "61",
"managed": false,
"name": "Name",
"platform": "android",
"platformId": 1,
"privacy": "Low",
"privacyRisk": 30,
"processState": "AVAILABLE",
"riskVersion": "2.12.0",
"security": "High",
"securityRisk": 79,
"source": "GLOBAL",
"updatedOn": 1702308488294,
"version": "2.12.0"
}
]
}
}

Human Readable Output

App Version List

| Id | Name | Bundle Id | Version | Platform | Security | Privacy | Classification | Developer Name | Created | Updated On |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 7 | Name | com.url | 2.12.0 | android | High | Low | LEGIT | | 2023-12-11 14:24:28 | 2023-12-11 15:28:08 |
| 61 | Name | com.url | 2.12.0 | android | High | Low | LEGIT | TShih | 2023-12-11 14:38:05 | 2023-12-11 15:28:08 |

zimperium-get-devices-by-cve


Gets the devices associated with a specific CVE.

Base Command

zimperium-get-devices-by-cve

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| cve_id | The CVE ID to search for (e.g., CVE-2021-1886). | Required |
| after | The date after which the threat occurred. | Optional |
| before | The date before which the threat occurred. | Optional |
| team_id | Filter devices by the team they belong to. | Optional |
| page_size | Maximum number of results to retrieve in each page. If a limit is not provided, default is 50. | Optional |
| page | Page number. Default is 0. | Optional |
| limit | Number of total results to return. Default is 50. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Zimperium.DeviceByCVE.id | String | The ID of the device. |
| Zimperium.DeviceByCVE.cveId | String | The ID of the CVE. |
| Zimperium.DeviceByCVE.os.id | Number | The operating system identifier of the device. |
| Zimperium.DeviceByCVE.os.maxOsPatchDate | String | The latest operating system patch date available for the device. |
| Zimperium.DeviceByCVE.os.maxOsVersion | String | The latest operating system version available for the device. |
| Zimperium.DeviceByCVE.os.name | String | The operating system name of the device. |
| Zimperium.DeviceByCVE.os.osVersionId | Number | The operating system version identifier of the device. |
| Zimperium.DeviceByCVE.os.patchDate | Date | The patch date of the device's operating system. |
| Zimperium.DeviceByCVE.os.policyCompliant | Boolean | Whether the device's operating system is compliant with the policy. |
| Zimperium.DeviceByCVE.os.type | String | The operating system type of the device. |
| Zimperium.DeviceByCVE.os.version | String | The operating system version of the device. |
| Zimperium.DeviceByCVE.os.versionUpgradeable | Boolean | Whether the device's operating system version can be upgraded. |
| Zimperium.DeviceByCVE.teamId | String | The team ID of the device. |
| Zimperium.DeviceByCVE.zdeviceId | String | The zdevice ID of the device. |

Command example

!zimperium-get-devices-by-cve cve_id="CVE-2021-1886" limit=1

Context Example

Note that this example places the result under the key Zimperium.DeviceCVE, while the Context Output table above lists the paths under Zimperium.DeviceByCVE. Check the actual key in the War Room context before referencing it in a playbook or automation.

{
"Zimperium": {
"DeviceCVE": {
"id": "6",
"cveId": "CVE-2021-1886",
"os": {
"id": 1,
"maxOsPatchDate": "20200901",
"maxOsVersion": "10",
"name": "android",
"osVersionId": 57063,
"patchDate": "2017-09-01",
"policyCompliant": false,
"type": "Android",
"version": "7.1.1",
"versionUpgradeable": true
},
"teamId": "33",
"zdeviceId": "5"
}
}
}

Human Readable Output

Devices Associated with CVE-2021-1886

| Id | Zdevice Id | Team Id | Os |
| --- | --- | --- | --- |
| 6 | 5 | 33 | id: 1, name: android, type: Android, version: 7.1.1, patchDate: 2017-09-01, versionUpgradeable: true, maxOsVersion: 10, maxOsPatchDate: 20200901, osVersionId: 57063, policyCompliant: false |

zimperium-devices-os-version


Gets the devices running a specific operating system version.

Base Command

zimperium-devices-os-version

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| os_version | The operating system version to search for. Can be retrieved using the zimperium-devices-search command under "Zimperium.Device.os.version". | Required |
| os_patch_date | The patch date of the operating system version, in YYYY-MM-DD format. This field applies to Android only; if you include it, only Android devices are returned, since the value does not apply to iOS. | Optional |
| deleted | Whether to return devices that have been deleted. Possible values are: true, false. | Optional |
| after | The date after which the threat occurred. | Optional |
| before | The date before which the threat occurred. | Optional |
| team_id | Filter devices by the team they belong to. | Optional |
| page_size | Maximum number of results to retrieve in each page. If a limit is not provided, default is 50. | Optional |
| page | Page number. Default is 0. | Optional |
| limit | Number of total results to return. Default is 50. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Zimperium.DeviceOsVersion.id | String | The ID of the device. |
| Zimperium.DeviceOsVersion.os.id | Number | The operating system identifier of the device. |
| Zimperium.DeviceOsVersion.os.maxOsPatchDate | String | The latest operating system patch date available for the device. |
| Zimperium.DeviceOsVersion.os.maxOsVersion | String | The latest operating system version available for the device. |
| Zimperium.DeviceOsVersion.os.name | String | The operating system name of the device. |
| Zimperium.DeviceOsVersion.os.osVersionId | Number | The operating system version identifier of the device. |
| Zimperium.DeviceOsVersion.os.patchDate | Date | The patch date of the device's operating system. |
| Zimperium.DeviceOsVersion.os.policyCompliant | Boolean | Whether the device's operating system is compliant with the policy. |
| Zimperium.DeviceOsVersion.os.type | String | The operating system type. |
| Zimperium.DeviceOsVersion.os.version | String | The operating system version. |
| Zimperium.DeviceOsVersion.os.versionUpgradeable | Boolean | Whether the device's operating system version can be upgraded. |
| Zimperium.DeviceOsVersion.teamId | String | The team ID of the device. |
| Zimperium.DeviceOsVersion.zdeviceId | String | The zdevice ID of the device. |

Command example

!zimperium-devices-os-version os_version="9"

Context Example

{
"Zimperium": {
"DeviceOsVersion": {
"id": "2a",
"os": {
"id": 1,
"maxOsPatchDate": "20230501",
"maxOsVersion": "13",
"name": "android",
"osVersionId": 57062,
"patchDate": "2019-08-05",
"policyCompliant": false,
"type": "Android",
"version": "9",
"versionUpgradeable": true
},
"teamId": "1",
"zdeviceId": "a8"
}
}
}

Human Readable Output

Device Os Version

| Id | Team Id | Os |
| --- | --- | --- |
| 2a | 1 | id: 1, name: android, type: Android, version: 9, patchDate: 2019-08-05, versionUpgradeable: true, maxOsVersion: 13, maxOsPatchDate: 20230501, osVersionId: 57062, policyCompliant: false |

zimperium-get-cves-by-device#


Gets the CVEs associated with a specific device.

Base Command#

zimperium-get-cves-by-device

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| device_id | The device ID to get CVEs for. | Required |
| page_size | Maximum number of results to retrieve in each page. If a limit is not provided, default is 50. | Optional |
| page | Page number. Default is 0. | Optional |
| limit | Number of total results to return. Default is 50. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Zimperium.CVEByDevice.id | String | The ID of the CVE. |
| Zimperium.CVEByDevice.deviceId | String | The ID of the device. |
| Zimperium.CVEByDevice.activeExploit | Boolean | Whether the CVE is known to be actively exploited. |
| Zimperium.CVEByDevice.exploitPocUrl.exploitPocUrls | Unknown | The proof-of-concept (PoC) exploit URLs for the CVE. |
| Zimperium.CVEByDevice.severity | String | The severity of the CVE on the device. |
| Zimperium.CVEByDevice.type | String | The CVE type. |
| Zimperium.CVEByDevice.url | String | The URL of the CVE. |

Command example#

!zimperium-get-cves-by-device device_id="2a"

Context Example#

{
"Zimperium": {
"CVEDevice": [
{
"activeExploit": false,
"exploitPocUrl": {
"exploitPocUrls": []
},
"id": "CVE-2019-2173",
"severity": "High",
"type": "Elevation of privilege",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2173",
"deviceId": "2a"
},
{
"activeExploit": false,
"exploitPocUrl": {
"exploitPocUrls": []
},
"id": "CVE-2019-2176",
"severity": "Critical",
"type": "Remote code execution",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2176",
"deviceId": "2a"
}
]
}
}

Human Readable Output#

CVE on Device 2a#

| Id | Type | Severity | Url | Active Exploit | Exploit Poc Url |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-2173 | Elevation of privilege | High | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2173 | false | exploitPocUrls: |
| CVE-2019-2176 | Remote code execution | Critical | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2176 | false | exploitPocUrls: |
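To show how the `Zimperium.CVEByDevice` entries above can be consumed by an automation, here is an added Python example (not part of the Zimperium integration or the content pack). It orders the CVEs returned for one device the way an analyst would when deciding what to act on first (active exploitation before severity, a public proof of concept as tie-breaker) and produces the counts an incident note would carry. The first two sample entries are the page's context example; the third entry, its placeholder CVE id and PoC URL, and the helper names are constructed for this illustration.

```python
"""Rank the output of the zimperium-get-cves-by-device command.

Added example, not part of the Zimperium integration or the content pack.
It consumes the Zimperium.CVEByDevice entries the command returns for one
device and orders them most urgent first: active exploitation, then
severity, then whether a public proof of concept exists. The first two
sample entries are copied from the page's context example; the third, with
its placeholder CVE id and PoC URL, is constructed so the ordering is
visible. Helper names are assumptions made for this illustration.
"""
from typing import Dict, List, Tuple

# Severity names as the command reports them, mapped to a rank (highest first).
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}

SAMPLE_CVES: List[Dict] = [
    {   # from the page's context example
        "id": "CVE-2019-2173", "deviceId": "2a", "severity": "High",
        "type": "Elevation of privilege", "activeExploit": False,
        "exploitPocUrl": {"exploitPocUrls": []},
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2173",
    },
    {   # from the page's context example
        "id": "CVE-2019-2176", "deviceId": "2a", "severity": "Critical",
        "type": "Remote code execution", "activeExploit": False,
        "exploitPocUrl": {"exploitPocUrls": []},
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2176",
    },
    {   # constructed placeholder: lower severity but actively exploited
        "id": "CVE-0000-PLACEHOLDER", "deviceId": "2a", "severity": "Medium",
        "type": "Information disclosure", "activeExploit": True,
        "exploitPocUrl": {"exploitPocUrls": ["https://poc.example.invalid/placeholder"]},
        "url": "https://example.invalid/cve/CVE-0000-PLACEHOLDER",
    },
]


def severity_rank(entry: Dict) -> int:
    """Numeric rank for the severity string; unrecognised names rank lowest."""
    return SEVERITY_RANK.get(entry.get("severity", ""), 0)


def has_public_poc(entry: Dict) -> bool:
    """True when the nested exploitPocUrl.exploitPocUrls list is non-empty.
    Tolerates a missing or null exploitPocUrl object."""
    urls = (entry.get("exploitPocUrl") or {}).get("exploitPocUrls") or []
    return len(urls) > 0


def triage_key(entry: Dict) -> Tuple[int, int, int]:
    """Sort key: active exploitation outweighs severity; a PoC breaks ties."""
    return (1 if entry.get("activeExploit") else 0,
            severity_rank(entry),
            1 if has_public_poc(entry) else 0)


def prioritize(entries: List[Dict]) -> List[Dict]:
    """Entries ordered most urgent first (stable, so equal keys keep API order)."""
    return sorted(entries, key=triage_key, reverse=True)


def needs_escalation(entries: List[Dict], min_severity: str = "Critical") -> bool:
    """True if any CVE is actively exploited or reaches the severity floor."""
    floor = SEVERITY_RANK[min_severity]
    return any(e.get("activeExploit") or severity_rank(e) >= floor for e in entries)


def summarize(entries: List[Dict]) -> Dict:
    """Counts and top items for an incident note."""
    ranked = prioritize(entries)
    return {
        "device_ids": sorted({e.get("deviceId") for e in entries if e.get("deviceId")}),
        "total": len(entries),
        "by_severity": {name: sum(1 for e in entries if e.get("severity") == name)
                        for name in SEVERITY_RANK},
        "active_exploit": sum(1 for e in entries if e.get("activeExploit")),
        "with_public_poc": sum(1 for e in entries if has_public_poc(e)),
        "top": [e["id"] for e in ranked[:3]],
        "escalate": needs_escalation(entries),
    }


if __name__ == "__main__":
    for entry in prioritize(SAMPLE_CVES):
        print(entry["id"], entry["severity"], "active" if entry["activeExploit"] else "")
    print(summarize(SAMPLE_CVES))
```

The severity floor in `needs_escalation` is a constructed default; an automation would take it from the playbook input and replace `SAMPLE_CVES` with the `Zimperium.CVEByDevice` entries read from context.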

zimperium-vulnerability-get#


Gets the vulnerabilities.

Base Command#

zimperium-vulnerability-get

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| page_size | Maximum number of results to retrieve in each page. If a limit is not provided, default is 50. | Optional |
| page | Page number. Default is 0. | Optional |
| limit | Number of total results to return. Default is 50. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Zimperium.Vulnerability.id | String | The ID of the vulnerability. |
| Zimperium.Vulnerability.blueBorneVulnerable | Boolean | Whether the operating system is vulnerable to BlueBorne. |
| Zimperium.Vulnerability.cveCount | Number | Number of CVEs on the operating system. |
| Zimperium.Vulnerability.lastCveSync | Date | The date of the last CVE sync. |
| Zimperium.Vulnerability.os | Number | The identifier of the operating system the vulnerability entry refers to. |
| Zimperium.Vulnerability.osPatchDate | Unknown | The max patch date of the operating system. |
| Zimperium.Vulnerability.osRiskChecksum | String | The operating system risk checksum. |
| Zimperium.Vulnerability.osVersion | String | The operating system version. |
| Zimperium.Vulnerability.osVersionAndPatchDate | String | The operating system version and the patch date. |
| Zimperium.Vulnerability.risk | String | The risk classification. |

Command example#

!zimperium-vulnerability-get limit=1

Context Example#

{
"Zimperium": {
"Vulnerability": {
"blueBorneVulnerable": false,
"cveCount": 432,
"id": 56745,
"lastCveSync": 1707218387516,
"os": 2,
"osPatchDate": null,
"osRiskChecksum": "6A",
"osVersion": "14.6",
"osVersionAndPatchDate": "14.6",
"risk": "Critical"
}
}
}

Human Readable Output#

Vulnerabilities List#

| Id | Os | Os Version And Patch Date | Os Version | Os Patch Date | Risk | Cve Count | Last Cve Sync | Os Risk Checksum | Blue Borne Vulnerable |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 56745 | 2 | 14.6 | 14.6 | | Critical | 432 | 2024-02-06 11:19:47 | 6A | false |

zimperium-policy-group-list#


Get policy groups.

Base Command#

zimperium-policy-group-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| module | Selects whether to return the groups related to the EMM connection or to the ZIPS connection. Default is "ZIPS". Possible values are: EMM, ZIPS. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Zimperium.PolicyGroup.id | String | The ID of the policy group. |
| Zimperium.PolicyGroup.accountId | String | The account identifier for the policy group's content. |
| Zimperium.PolicyGroup.appPolicyId | String | The app policy ID of the policy group. |
| Zimperium.PolicyGroup.appSettingsId | String | The app settings ID of the policy group. |
| Zimperium.PolicyGroup.brandingPolicyId | Unknown | The branding policy identifier of the policy group. |
| Zimperium.PolicyGroup.created | Date | The date and time the policy group was created. |
| Zimperium.PolicyGroup.description | String | The description of the policy group. |
| Zimperium.PolicyGroup.dormancyPolicyId | String | The dormancy policy identifier of the policy group. |
| Zimperium.PolicyGroup.emmConnectionId | Unknown | The enterprise mobile management (EMM) connection ID of the policy group. |
| Zimperium.PolicyGroup.emmGroupId | Unknown | The enterprise mobile management (EMM) group ID of the policy group. |
| Zimperium.PolicyGroup.emmPriority | Unknown | The enterprise mobile management (EMM) priority of the policy group. |
| Zimperium.PolicyGroup.extensionPolicyId | String | The extension policy identifier of the policy group. |
| Zimperium.PolicyGroup.content.global | Boolean | Whether the policy group is global. |
| Zimperium.PolicyGroup.knoxPolicyId | Unknown | The Knox policy ID of the policy group. |
| Zimperium.PolicyGroup.modified | Date | The date and time when the policy group was last modified. |
| Zimperium.PolicyGroup.name | String | The name of the policy group. |
| Zimperium.PolicyGroup.networkPolicyId | String | The network policy ID of the policy group. |
| Zimperium.PolicyGroup.osRiskPolicyId | String | The operating system risk policy ID of the policy group. |
| Zimperium.PolicyGroup.phishingPolicyId | String | The phishing policy identifier of the policy group. |
| Zimperium.PolicyGroup.privacyId | String | The privacy identifier of the policy group. |
| Zimperium.PolicyGroup.team.id | String | The ID of the team associated with the policy group. |
| Zimperium.PolicyGroup.team.name | String | The team name of the policy group. |
| Zimperium.PolicyGroup.trmId | String | The Threat Response Matrix (TRM) ID of the policy group. |
| Zimperium.PolicyGroup.team | Unknown | The policy group's team information. |

Command example#

!zimperium-policy-group-list

Context Example#

{
"Zimperium": {
"PolicyGroup": [
{
"accountId": "2",
"appPolicyId": "2",
"appSettingsId": "a5",
"brandingPolicyId": null,
"created": "2024-01-22T11:37:36.749+00:00",
"description": "test",
"dormancyPolicyId": "2",
"emmConnectionId": null,
"emmGroupId": null,
"emmPriority": null,
"extensionPolicyId": "2",
"global": false,
"id": "65",
"knoxPolicyId": null,
"modified": "2024-01-22T11:37:36.749+00:00",
"name": "Test",
"networkPolicyId": "2",
"osRiskPolicyId": "2",
"phishingPolicyId": "2",
"privacyId": "a2",
"team": {
"id": "1",
"name": "Default"
},
"trmId": "er"
}
]
}
}

Human Readable Output#

Policy Group List#

| Id | Name | Team | Privacy Id | Trm Id | Phishing Policy Id | App Settings Id | App Policy Id | Network Policy Id | Os Risk Policy Id |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 65 | Test | id: 1; name: Default | a2 | er | 2 | a5 | 2 | 2 | 2 |

zimperium-policy-privacy-get#


Get a privacy policy by its identifier.

Base Command#

zimperium-policy-privacy-get

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| policy_id | The identifier of the policy. Can be retrieved using zimperium-policy-group-list in the Zimperium.PolicyGroup.privacyId field. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Zimperium.PolicyPrivacy.id | String | The policy privacy identifier. |
| Zimperium.PolicyPrivacy.accountId | String | The account identifier of the policy. |
| Zimperium.PolicyPrivacy.assigned | Boolean | Whether the policy privacy is assigned. |
| Zimperium.PolicyPrivacy.created | Date | The date and time the policy was created. |
| Zimperium.PolicyPrivacy.global | Boolean | Whether the policy settings are global. |
| Zimperium.PolicyPrivacy.groups | String | The groups the policy is associated with. |
| Zimperium.PolicyPrivacy.jsonHash | String | The JSON hash of the privacy policy. |
| Zimperium.PolicyPrivacy.locationAccuracy | Number | The location accuracy for the policy. |
| Zimperium.PolicyPrivacy.modified | Date | The date and time when the policy was modified. |
| Zimperium.PolicyPrivacy.name | String | The name of the policy. |
| Zimperium.PolicyPrivacy.protoHash | String | The hash of the policy. |
| Zimperium.PolicyPrivacy.rules | Unknown | The policy rules list. |
| Zimperium.PolicyPrivacy.rules.id | String | The ID of the rule. |
| Zimperium.PolicyPrivacy.team | Unknown | The team for the policy. |
| Zimperium.PolicyPrivacy.teamId | Unknown | The team ID the policy is associated with. |

Command example#

!zimperium-policy-privacy-get policy_id="a2"

Context Example#

{
"Zimperium": {
"PolicyPrivacy": {
"accountId": "2",
"assigned": true,
"created": "2023-12-05T20:09:16.621+00:00",
"global": true,
"groups": [
{
"accountId": "2",
"created": "2024-01-22T11:37:36.749+00:00",
"description": "test",
"emm": false,
"global": false,
"groupActivations": [],
"id": "65",
"modified": "2024-01-22T11:37:36.749+00:00",
"name": "Test",
"staticFilesWritten": "2024-02-05T06:00:03.460+00:00",
"userActivations": [],
"zapps": []
},
{
"accountId": "2",
"created": "2023-12-05T20:09:16.621+00:00",
"description": "Default Group",
"emm": false,
"global": true,
"groupActivations": [],
"id": "37",
"modified": "2023-12-05T20:09:16.621+00:00",
"name": "Default Group",
"staticFilesWritten": "2024-02-06T06:00:37.129+00:00",
"userActivations": [
{
"id": "40"
}
],
"zapps": []
}
],
"id": "a2",
"jsonHash": "7d",
"locationAccuracy": 0,
"modified": "2023-12-05T20:09:16.853+00:00",
"name": "Default",
"rules": [
{
"collectibleId": 0,
"id": "3b",
"shouldCollect": false
}
],
"staticFilesWritten": "2023-12-05T20:09:19.079+00:00",
"team": null,
"teamId": null
}
}
}

Human Readable Output#

Privacy Policy#

| Id | Name | Created | Modified |
| --- | --- | --- | --- |
| a2 | Default | 2023-12-05T20:09:16.621+00:00 | 2023-12-05T20:09:16.853+00:00 |

zimperium-policy-threat-get#


Get a threat policy by its identifier.

Base Command#

zimperium-policy-threat-get

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| policy_id | The identifier of the policy. Can be retrieved using zimperium-policy-group-list in the Zimperium.PolicyGroup.trmId field. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Zimperium.PolicyThreat.id | String | The identifier of the policy. |
| Zimperium.PolicyThreat.accountId | String | The account identifier of the policy. |
| Zimperium.PolicyThreat.androidJsonHash | String | The Android JSON hash. |
| Zimperium.PolicyThreat.androidProtoHash | String | The Android Proto hash. |
| Zimperium.PolicyThreat.assigned | Boolean | Whether the policy is assigned. |
| Zimperium.PolicyThreat.created | Date | The date and time the threat policy was created. |
| Zimperium.PolicyThreat.deploymentDate | Date | The date when the policy deployment occurred. |
| Zimperium.PolicyThreat.global | Boolean | Whether the policy settings are global. |
| Zimperium.PolicyThreat.groups | Unknown | The groups the policy is associated with. |
| Zimperium.PolicyThreat.iosJsonHash | String | The iOS JSON hash. |
| Zimperium.PolicyThreat.iosProtoHash | String | The iOS Proto hash. |
| Zimperium.PolicyThreat.isDeployed | Boolean | Whether the threat policy is deployed. |
| Zimperium.PolicyThreat.modified | Date | The date and time when the policy was modified. |
| Zimperium.PolicyThreat.name | String | The name of the policy. |
| Zimperium.PolicyThreat.rules | Unknown | The policy rules list. |
| Zimperium.PolicyThreat.rules.id | String | The ID of the policy rule. |

Command example#

!zimperium-policy-threat-get policy_id="er"

Context Example#

{
"Zimperium": {
"PolicyThreat": {
"accountId": "2",
"androidJsonHash": "eb",
"androidProtoHash": "4f",
"assigned": true,
"created": "2023-12-05T20:09:16.621+00:00",
"deploymentDate": "2023-12-05T20:09:18.474+00:00",
"emm": false,
"global": true,
"groups": [
{
"accountId": "2",
"created": "2024-01-22T11:37:36.749+00:00",
"description": "test",
"emm": false,
"global": false,
"groupActivations": [],
"id": "65",
"modified": "2024-01-22T11:37:36.749+00:00",
"name": "Test",
"staticFilesWritten": "2024-02-05T06:00:03.460+00:00",
"userActivations": [],
"zapps": []
},
{
"accountId": "2",
"created": "2023-12-05T20:09:16.621+00:00",
"description": "Default Group",
"emm": false,
"global": true,
"groupActivations": [],
"id": "37",
"modified": "2023-12-05T20:09:16.621+00:00",
"name": "Default Group",
"staticFilesWritten": "2024-02-06T06:00:37.129+00:00",
"userActivations": [
{
"id": "40"
}
],
"zapps": []
}
],
"id": "er",
"iosJsonHash": "eb",
"iosProtoHash": "4f",
"isDeployed": true,
"modified": "2023-12-05T20:09:17.184+00:00",
"name": "Default",
"rules": [
{
"alertUser": false,
"customResponses": [],
"id": "b9",
"legacyMdmMitigationAction": null,
"legacyMdmThreatAction": null,
"mdmMitigationAction": null,
"mdmMitigationTarget": null,
"mdmThreatAction": null,
"mdmThreatTarget": null,
"responses": [],
"severity": 0,
"shouldCollect": true,
"threatTypeId": 0
}
],
"staticFilesWritten": "2023-12-05T20:09:18.129+00:00"
}
}
}

Human Readable Output#

Threat Policy#

| Id | Is Deployed | Name | Created | Modified |
| --- | --- | --- | --- | --- |
| er | true | Default | 2023-12-05T20:09:16.621+00:00 | 2023-12-05T20:09:17.184+00:00 |

zimperium-policy-phishing-get#


Get a phishing policy by its identifier.

Base Command#

zimperium-policy-phishing-get

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| policy_id | The identifier of the policy. Can be retrieved using zimperium-policy-group-list in the Zimperium.PolicyGroup.phishingPolicyId field. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Zimperium.PolicyPhishing.id | String | The identifier of the policy. |
| Zimperium.PolicyPhishing.accessControlList | Unknown | The access control list for the policy resource. |
| Zimperium.PolicyPhishing.accountId | String | The account identifier of the policy. |
| Zimperium.PolicyPhishing.allowEndUserControl | Boolean | Whether the end user is allowed to control the policy. |
| Zimperium.PolicyPhishing.contentCategoryActionList | Unknown | The content category actions of the policy. |
| Zimperium.PolicyPhishing.created | Date | The date and time the policy was created. |
| Zimperium.PolicyPhishing.enableDnsPhishingTutorial | Boolean | Whether the DNS phishing tutorial is enabled. |
| Zimperium.PolicyPhishing.enableMessageFilterTutorial | Boolean | Whether the message filter tutorial is enabled. |
| Zimperium.PolicyPhishing.enableSafariBrowserExtensionTutorial | Boolean | Whether the Safari Browser Extension tutorial is enabled. |
| Zimperium.PolicyPhishing.global | Boolean | Whether the policy settings are global. |
| Zimperium.PolicyPhishing.groups | Unknown | The groups the policy is associated with. |
| Zimperium.PolicyPhishing.isDnsEnabled | Boolean | Whether DNS is enabled. |
| Zimperium.PolicyPhishing.modified | Date | The date and time when the policy was modified. |
| Zimperium.PolicyPhishing.name | String | The name of the policy. |
| Zimperium.PolicyPhishing.phishingDetectionAction | String | The phishing detection action. |
| Zimperium.PolicyPhishing.phishingPolicyType | String | The phishing policy type. |
| Zimperium.PolicyPhishing.team | Unknown | The team the policy is associated with. |
| Zimperium.PolicyPhishing.teamId | Unknown | The ID of the team. |
| Zimperium.PolicyPhishing.useLocalVpn | Boolean | Whether to use a local VPN. |
| Zimperium.PolicyPhishing.useRemoteContentInspection | Boolean | Whether to use remote content inspection. |
| Zimperium.PolicyPhishing.useUrlSharing | Boolean | Whether URL sharing is enabled. |

Command example#

!zimperium-policy-phishing-get policy_id="2"

Context Example#

{
"Zimperium": {
"PolicyPhishing": {
"accessControlList": null,
"accountId": "2",
"allowEndUserControl": false,
"contentCategoryActionList": [],
"created": "2023-12-05T20:09:16.621+00:00",
"enableDnsPhishingTutorial": false,
"enableMessageFilterTutorial": true,
"enableSafariBrowserExtensionTutorial": true,
"global": true,
"groups": [
{
"accountId": "2",
"created": "2024-01-22T11:37:36.749+00:00",
"description": "test",
"emm": false,
"global": false,
"groupActivations": [],
"id": "65",
"modified": "2024-01-22T11:37:36.749+00:00",
"name": "Test",
"staticFilesWritten": "2024-02-05T06:00:03.460+00:00",
"userActivations": [],
"zapps": []
},
{
"accountId": "2",
"created": "2023-12-05T20:09:16.621+00:00",
"description": "Default Group",
"emm": false,
"global": true,
"groupActivations": [],
"id": "37",
"modified": "2023-12-05T20:09:16.621+00:00",
"name": "Default Group",
"staticFilesWritten": "2024-02-06T06:00:37.129+00:00",
"userActivations": [
{
"id": "40"
}
],
"zapps": []
}
],
"id": "2",
"isDnsEnabled": false,
"modified": "2023-12-11T13:33:08.481+00:00",
"name": "Default",
"phishingDetectionAction": "WARN",
"phishingPolicyType": "ON_DEVICE",
"team": null,
"teamId": null,
"useLocalVpn": true,
"useRemoteContentInspection": true,
"useUrlSharing": true
}
}
}

Human Readable Output#

Phishing Policy#

| Id | Name | Created | Modified | Enable Safari Browser Extension Tutorial | Enable Dns Phishing Tutorial | Use Local Vpn | Use Url Sharing | Allow End User Control | Use Remote Content Inspection | Enable Message Filter Tutorial | Phishing Detection Action | Phishing Policy Type |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2 | Default | 2023-12-05T20:09:16.621+00:00 | 2023-12-11T13:33:08.481+00:00 | true | false | true | true | false | true | true | WARN | ON_DEVICE |

zimperium-policy-app-settings-get#


List the app versions.

Base Command#

zimperium-policy-app-settings-get

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| app_settings_policy_id | The identifier of the policy. Can be retrieved using zimperium-policy-group-list in the Zimperium.PolicyGroup.appSettingsId field. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Zimperium.PolicyAppSetting.id | String | The identifier of the policy. |
| Zimperium.PolicyAppSetting.accountId | String | The account identifier of the policy. |
| Zimperium.PolicyAppSetting.appRiskLookupEnabled | Boolean | Whether the app risk lookup is enabled. |
| Zimperium.PolicyAppSetting.assigned | Boolean | Whether the policy is assigned. |
| Zimperium.PolicyAppSetting.autoActivateKnox | Boolean | Whether Knox should be automatically activated. |
| Zimperium.PolicyAppSetting.autoBatteryOptimizationEnabled | Boolean | Whether battery optimization is enabled. |
| Zimperium.PolicyAppSetting.cogitoEnabled | Boolean | Whether Cogito is enabled. |
| Zimperium.PolicyAppSetting.cogitoThreshold | Number | The Cogito threshold. |
| Zimperium.PolicyAppSetting.created | Date | The date and time the policy was created. |
| Zimperium.PolicyAppSetting.dangerzoneEnabled | Boolean | Whether the danger zone is enabled. |
| Zimperium.PolicyAppSetting.detectionEnabled | Boolean | Whether detection is enabled. |
| Zimperium.PolicyAppSetting.forensicAnalysisEnabled | Boolean | Whether forensic analysis is enabled. |
| Zimperium.PolicyAppSetting.global | Boolean | Whether the policy is global. |
| Zimperium.PolicyAppSetting.groups | Unknown | The groups information. |
| Zimperium.PolicyAppSetting.jsonHash | String | The JSON hash of the policy. |
| Zimperium.PolicyAppSetting.modified | Date | The modified date of the policy. |
| Zimperium.PolicyAppSetting.name | String | The name of the policy. |
| Zimperium.PolicyAppSetting.phishingEnabled | Boolean | Whether phishing detection is enabled. |
| Zimperium.PolicyAppSetting.phishingLocalClassifierEnabled | Boolean | Whether the local phishing classifier is enabled. |
| Zimperium.PolicyAppSetting.phishingThreshold | Number | The phishing threshold. |
| Zimperium.PolicyAppSetting.privacySummaryEnabled | Boolean | Whether the privacy summary is enabled. |
| Zimperium.PolicyAppSetting.protoHash | String | The proto hash. |
| Zimperium.PolicyAppSetting.siteInsightEnabled | Boolean | Whether site insight is enabled. |
| Zimperium.PolicyAppSetting.staticFilesWritten | Date | The date when the static files were written. |
| Zimperium.PolicyAppSetting.team | Unknown | The team name the policy is associated with. |
| Zimperium.PolicyAppSetting.teamId | Unknown | The ID of the team to which the policy belongs. |

Command example#

!zimperium-policy-app-settings-get app_settings_policy_id="9e"

Context Example#

{
"Zimperium": {
"PolicyAppSetting": {
"accountId": "2",
"appRiskLookupEnabled": true,
"assigned": true,
"autoActivateKnox": false,
"autoBatteryOptimizationEnabled": true,
"cogitoEnabled": true,
"cogitoThreshold": 70,
"created": "2023-12-05T20:09:16.621+00:00",
"dangerzoneEnabled": true,
"detectionEnabled": true,
"forensicAnalysisEnabled": false,
"global": true,
"groups": [
{
"accountId": "2",
"created": "2023-12-05T20:09:16.621+00:00",
"description": "Default Group",
"emm": false,
"global": true,
"groupActivations": [],
"id": "37",
"modified": "2023-12-05T20:09:16.621+00:00",
"name": "Default Group",
"staticFilesWritten": "2024-02-06T06:00:37.129+00:00",
"userActivations": [
{
"id": "40"
}
],
"zapps": []
}
],
"id": "9e",
"jsonHash": "616",
"modified": "2023-12-05T20:09:16.729+00:00",
"name": "Default",
"phishingDBRefreshMinutes": 480,
"phishingEnabled": true,
"phishingLocalClassifierEnabled": true,
"phishingThreshold": 75,
"privacySummaryEnabled": true,
"protoHash": "ea9",
"siteInsightEnabled": false,
"staticFilesWritten": "2023-12-05T20:09:17.418+00:00",
"team": null,
"teamId": null
}
}
}

Human Readable Output#

Policy App Settings#

| Id | Name | Detection Enabled | Cogito Enabled | Cogito Threshold | Phishing Enabled | Phishing Threshold | Phishing DB Refresh Minutes | Created | Modified | Static Files Written | Json Hash | Proto Hash | Dangerzone Enabled | Site Insight Enabled | Phishing Local Classifier Enabled | App Risk Lookup Enabled | Auto Battery Optimization Enabled | Auto Activate Knox | Privacy Summary Enabled | Forensic Analysis Enabled | Team | Assigned | Team Id | Global |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 9e | Default | true | true | 70 | true | 75 | 480 | 2023-12-05T20:09:16.621+00:00 | 2023-12-05T20:09:16.729+00:00 | 2023-12-05T20:09:17.418+00:00 | 616 | ea9 | true | false | true | true | true | false | true | false | | true | | true |

zimperium-policy-device-inactivity-list#


Get the policy device inactivity list.

Base Command#

zimperium-policy-device-inactivity-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| page_size | Maximum number of results to retrieve in each page. If a limit is not provided, default is 50. | Optional |
| page | Page number. Default is 0. | Optional |
| limit | Number of total results to return. Default is 50. | Optional |
| team_id | Used to filter the data by the team the user belongs to. If you provide this, the query returns matching entries plus the policies without a team. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Zimperium.PolicyDeviceInactivity.teamId | String | The team ID for the policy device inactivity list. |
| Zimperium.PolicyDeviceInactivity.id | String | The policy device inactivity list ID. |
| Zimperium.PolicyDeviceInactivity.name | String | The name of the policy device inactivity list. |

Command example#

!zimperium-policy-device-inactivity-list team_id="1"

Context Example#

{
"Zimperium": {
"PolicyDeviceInactivity": [
{
"id": "2",
"name": "Default",
"teamId": null
},
{
"id": "ff3",
"name": "InactivityTest",
"teamId": "1"
}
]
}
}

Human Readable Output#

Device Inactivity List#

| Id | Name | Team Id |
| --- | --- | --- |
| 2 | Default | |
| ff3 | InactivityTest | 1 |

zimperium-policy-device-inactivity-get#


Get policy device inactivity.

Base Command#

zimperium-policy-device-inactivity-get

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| policy_id | The identifier of the policy. Can be retrieved using zimperium-policy-device-inactivity-list. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Zimperium.PolicyDeviceInactivity.id | String | The policy device inactivity ID. |
| Zimperium.PolicyDeviceInactivity.accountId | String | The account identifier. |
| Zimperium.PolicyDeviceInactivity.created | Date | The date and time the policy was created. |
| Zimperium.PolicyDeviceInactivity.groups.id | String | The group ID. |
| Zimperium.PolicyDeviceInactivity.groups.name | String | The group name. |
| Zimperium.PolicyDeviceInactivity.inactiveAppSettings.enabled | Boolean | Whether the app inactivity settings are enabled. |
| Zimperium.PolicyDeviceInactivity.inactiveAppSettings.maxWarningsCount | Number | The maximum number of warnings that can be issued for an inactive app. |
| Zimperium.PolicyDeviceInactivity.inactiveAppSettings | Boolean | The inactive app settings. |
| Zimperium.PolicyDeviceInactivity.modified | Date | The policy modified date. |
| Zimperium.PolicyDeviceInactivity.name | String | The name of the policy. |
| Zimperium.PolicyDeviceInactivity.pendingActivationSettings.enabled | Boolean | Whether the pending activation settings are enabled. |
| Zimperium.PolicyDeviceInactivity.pendingActivationSettings.maxWarningsCount | Number | The maximum number of warnings that can be issued for a pending activation. |
| Zimperium.PolicyDeviceInactivity.pendingActivationSettings.sendEmailAndroid | Boolean | Whether to send an email for Android devices. |
| Zimperium.PolicyDeviceInactivity.pendingActivationSettings.sendEmailIos | Boolean | Whether to send an email for iOS devices. |
| Zimperium.PolicyDeviceInactivity.pendingActivationSettings.timeBeforeWarningDisplayUnits | String | The display units for the time before the first warning. |
| Zimperium.PolicyDeviceInactivity.pendingActivationSettings.timeBeforeWarningSeconds | Number | The time in seconds before the first warning. |
| Zimperium.PolicyDeviceInactivity.pendingActivationSettings.timeBetweenWarningsDisplayUnits | String | The display units for the time between warnings. |
| Zimperium.PolicyDeviceInactivity.pendingActivationSettings.timeBetweenWarningsSeconds | Number | The time in seconds between warnings. |
| Zimperium.PolicyDeviceInactivity.teamId | String | The team ID for the policy device inactivity. |

Command example#

!zimperium-policy-device-inactivity-get policy_id="ff3"

Context Example#

{
"Zimperium": {
"PolicyDeviceInactivity": {
"accountId": "2",
"created": 1702305515652,
"groups": [
{
"id": "1",
"name": "GroupTest"
}
],
"id": "ff3",
"inactiveAppSettings": {
"enabled": false,
"maxWarningsCount": 2,
"notifyDevicesAndroid": false,
"notifyDevicesIos": false,
"sendEmailAndroid": false,
"sendEmailIos": false,
"timeBeforeWarningDisplayUnits": "DAYS",
"timeBeforeWarningSeconds": 259200,
"timeBetweenWarningsDisplayUnits": "DAYS",
"timeBetweenWarningsSeconds": 86400
},
"modified": 1702305515652,
"name": "InactivityTest",
"pendingActivationSettings": {
"enabled": false,
"maxWarningsCount": 2,
"sendEmailAndroid": false,
"sendEmailIos": false,
"timeBeforeWarningDisplayUnits": "DAYS",
"timeBeforeWarningSeconds": 259200,
"timeBetweenWarningsDisplayUnits": "DAYS",
"timeBetweenWarningsSeconds": 86400
},
"teamId": "1"
}
}
}

Human Readable Output#

Device Inactivity#

| Id | Name | Team Id | Pending Activation Settings | Inactive App Settings | Created | Modified |
| --- | --- | --- | --- | --- | --- | --- |
| ff3 | InactivityTest | 1 | enabled: false; timeBeforeWarningSeconds: 259200; timeBeforeWarningDisplayUnits: DAYS; timeBetweenWarningsSeconds: 86400; timeBetweenWarningsDisplayUnits: DAYS; maxWarningsCount: 2; sendEmailIos: false; sendEmailAndroid: false | enabled: false; timeBeforeWarningSeconds: 259200; timeBeforeWarningDisplayUnits: DAYS; timeBetweenWarningsSeconds: 86400; timeBetweenWarningsDisplayUnits: DAYS; maxWarningsCount: 2; notifyDevicesIos: false; notifyDevicesAndroid: false; sendEmailIos: false; sendEmailAndroid: false | 2023-12-11 14:38:35 | 2023-12-11 14:38:35 |

Breaking changes from the previous version of this integration#

The following sections list the changes in this version.

Commands#

The following commands were removed in this version:#

  • zimperium-events-search - this command was replaced by zimperium-threat-search.
  • zimperium-user-get-by-id - this command was replaced by zimperium-users-search.
  • zimperium-device-get-by-id - this command was replaced by zimperium-devices-search.
  • zimperium-app-classification-get - this command was replaced by zimperium-app-version-list.
  • zimperium-devices-search - this command was removed.
  • file - this command was removed.

Arguments#

The following arguments were removed in this version:#

In the zimperium-users-search command:

  • query
  • email

In the zimperium-devices-search command:

  • query

In the zimperium-report-get command:

  • bundle_id
  • itunes_id
  • app_hash
  • platform