Workspace ONE Intelligence and Zimperium Mobile Threat Detection Integration

Blogging has been a real treat. I especially enjoy seeing what posts  receive more pageviews, and what content really resonates with people. 

 The trend, is your friend; posts covering Zimperium and Workspace ONE integration receive anywhere from 570% to over 900% more views than the rest. With that, let's give the people what they want.

 This week Zimperium would announce support full support for Workspace ONE Intelligence. Workspace ONE Intelligence is an extension of the Workspace ONE UEM platform that provides new features and capabilities. Some of these capabilities include;
  1. Trust Network
  2. Automation
  3. Dashboards / Reports / Widgets
  4. Consumer Apps SDK
With this latest release of zConsole from Zimperium, we can now stream threat events to Workspace ONE Intelligence.  Currently, Intelligence is able to use threat events from Zimperium to create dashboards/reports/widgets, and automated workflows.
Source: VMware
In this blog post, we'll cover how to integrate Workspace ONE Intelligence and Zimperium Mobile Threat Detection. But, before we get to the technical stuff, let's get to the good stuff.....
Kalalau Lookout, Kauai
Workspace ONE Intelligence Setup

  1. Login to your Workspace ONE UEM console
  2. In the upper right hand corner, click the 9 dots, and then click 'Workspace ONE Intelligence'

  3. Click 'Launch'

  4. In the new window that opens, click 'Integrations'



    (close-up)
  5. In the new page that appears, locate Zimperium, and click 'Set up'

  6. Enter your administrator email address (this can be any email address, providing your team can be reached at the address). Click 'Done'
  7. At the next page you are provided with the integration token, hostname, and port. Keep this information handy.

  8. Click 'Done'
Zimperium Mobile Threat Detection Integration
  1. Login to the Zimperium zConsole and click 'Manage'
  2. Click 'Integrations'

  3. Click 'Threat Reporting', followed by 'Add Integration'

  4. Click 'VMware Workspace ONE Intelligence'
  5. Paste in the values obtained from Workspace ONE Intelligence
  6. Click 'Next', and specify the appropriate event level to send over. I have selected 'Normal and Above'. Before proceeding, name the integration appropriately as well. Then click 'Finish'


    * Note - at the time of this writing, June 24th 10:22 PM EDT, Detailed Forensics cannot be selected.
  7. Your new 'Threat Reporting' destination is created.


Outside of the scope of this post is how to create threats. To validate the integration works; I will create some threats and show the threats exported count increase.... 
😉

 Threat Event Log in zConsole, post-device tampering...

Updated Workspace ONE Intelligence integration detailing 16 threats reported. The reason the number of threats reported to Amazon Kinesis is greater, is due to Kinesis being integrated since April 29th, 2020. 

Mahalo,
Ryan Pringnitz

Location: Lahaina, HI, USA

Comments

Post a Comment

Popular posts from this blog

Delivering Managed Configurations (key/value pairs) to Android applications with Workspace ONE UEM profiles

Image
Applications often have secrets that should not be hardcoded in the source code. This poses a challenge for developers, as ProGuard can change classes and method names, it won't help with secrets. Examples of secrets that can be removed from application source code include an API key or a OAuth refresh token. Another capability is for the MDM to dynamically deliver values to the application, such as the current logged in user, device serial number, or organization group. Google has made it more challenging to access non-resettable device identifiers like the serial number in recent years, and this remains a viable solution to provide non-resettable device identifiers (and other values) to applications running on the device. So how do we do it? Workspace ONE UEM can deliver profiles to devices. Profiles can configure a number of settings, in addition to delivering key/value pairs to your applications.  Google refers to these key/value pairs as Managed Configurations, aka application
Read more

How to use Square's OkHttp Java library to access Workspace ONE UEM API's

Image
Digital workspace solutions often require consuming other services. When doing so, you may work with things like; REST API endpoints, Webhooks, gRPC, GraphQL - the list goes on. You can interact with these in a number of ways, but one way I've come to appreciate is with Java. It has been especially helpful when I've wanted to work with libraries like Appium, Selenium, OKHttp, or the Workspace ONE UEM SDK in a workflow. With that, I thought it would be helpful to share how to work with Workspace ONE UEM API's using Java. In this blog post, we will cover; Basics of JetBrain's IntelliJ IDE, touching on Apache Maven Using  Square's OkHttp   library  to call Workspace ONE UEM API's Why Java? Java is used by many and supported by most (Docker, Kubernetes, static code analysis tools, cloud service providers, Android, Windows, macOS, Tanzu Application Service, etc). Many languages compile to j ava
Read more

How to use Powershell with the Workspace ONE UEM API to search for users

Image
Using API's has been infinitely helpful in integrating Workspace ONE UEM with other enterprise services and applications. A question was asked recently about forming the correct HTTP header using Powershell, and returning the users in the users. Below is an example Powershell script I was able to create for this example. Make sure to include base64 encoded credentials in a folder (c:\creds\b64.txt in the example), and to update the $apiKey variable with an API key. #Workspace ONE UEM Environment Address / Authentication  $addy   =   "https://ws1.molokaibank.com" $b64   =   Get-Content   -Path   "c:\creds\b64.txt" $apiKey   =   "apikey" $b64EncodedAuth   =   " $b64 " # Header $content   =   "application/json"   $authHeader   =   "Basic "   +   $b64EncodedAuth $header   =  @{ "Authorization"   =   $authHeader ;  "aw-tenant-code"   =   $apiKey ;  "Accept"   =   $content ; 
Read more