Palo Alto Cortex XSOAR™

The MobileIron UEM content pack for Cortex XSOAR by Palo Alto Networks allows joint customers to discover security incidents related to all endpoints they manage with either MobileIron Core or MobileIron Cloud and is available on the Cortex XSOAR Marketplace within Cortex XSOAR.

Cortex XSOAR™ is used by security teams to detect and respond to security incidents within the organisation’s digital footprint. This pack forms the glue between the two solutions and provides data enrichment based on device information contained within MobileIron for any incidents triggered by 3rd party security systems. This unified solution additionally allows MobileIron users the option to create security incidents based on device data within MobileIron Core or Cloud to be investigated and resolved by the security team.

What does this pack provide?

Commands to fetch device data based on certain common attributes such as a WiFi MAC address, device UUID, serial number, and IP address.
An option to query device data based on the MobileIron UEM API Query DSL.
Commands to execute device-specific actions such as retire, wipe, send message, etc.
Ability to fetch and create incidents based on device data contained within MobileIron UEM.
Sample playbooks demonstrating how remediation actions can be set up to respond to device incidents.
Custom layout and incident mapper to better show the relevant incident data.