MobileIron Integration¶
Overview¶
This integration allows you to connect to MobileIron (now Ivanti Neurons for MDM) to manage mobile devices, including actions like locking/unlocking, fetching system information, listing devices, and testing connectivity.
Configuration¶
The configuration for this integration (MobileIron URL, Username, Password, etc.) is managed within the SOAR platform’s Marketplace tab. The actions utilize these pre-configured settings.
Actions¶
Unlock Device¶
Unlock device by its IP address.
Arguments:
case_id(string, required): The ID of the case.alert_group_identifiers(List[string], required): Identifiers for the alert groups.target_entities(List[TargetEntity], optional): Optional list of specific target entities (Identifier, EntityType) to run the action on. Supports IP Address entities.scope(string, optional): Defines the scope for the action. Defaults to “All entities”.
Returns:
dict: A dictionary containing the result of the unlock operation.
Unlock Device by UUID¶
Unlock device by its UUID.
Arguments:
case_id(string, required): The ID of the case.alert_group_identifiers(List[string], required): Identifiers for the alert groups.device_uuid(string, required): The UUID of the target device.target_entities(List[TargetEntity], optional): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(string, optional): Defines the scope for the action. Defaults to “All entities”.
Returns:
dict: A dictionary containing the result of the unlock operation.
Ping¶
Test integration connectivity.
Arguments:
case_id(string, required): The ID of the case.alert_group_identifiers(List[string], required): Identifiers for the alert groups.target_entities(List[TargetEntity], optional): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(string, optional): Defines the scope for the action. Defaults to “All entities”.
Returns:
dict: A dictionary containing the result of the ping action.
List Devices¶
Get the list of all the devices at the system.
Arguments:
case_id(string, required): The ID of the case.alert_group_identifiers(List[string], required): Identifiers for the alert groups.fields_to_fetch(string, optional): Comma-separated string of fields to fetch for each device (e.g., ios.DeviceName,user.display_name).target_entities(List[TargetEntity], optional): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(string, optional): Defines the scope for the action. Defaults to “All entities”.
Returns:
dict: A dictionary containing the list of devices and requested fields.
Fetch System Information By UUID¶
Get device system information by its UUID.
Arguments:
case_id(string, required): The ID of the case.alert_group_identifiers(List[string], required): Identifiers for the alert groups.device_uuid(string, required): The UUID of the target device.target_entities(List[TargetEntity], optional): Optional list of specific target entities (Identifier, EntityType) to run the action on.scope(string, optional): Defines the scope for the action. Defaults to “All entities”.
Returns:
dict: A dictionary containing the system information for the specified device.
Fetch System Information¶
Fetch system information for device by its IP address.
Arguments:
case_id(string, required): The ID of the case.alert_group_identifiers(List[string], required): Identifiers for the alert groups.fields_to_fetch(string, optional): Comma-separated string of fields to fetch for the device (e.g., ios.DeviceName,user.display_name).target_entities(List[TargetEntity], optional): Optional list of specific target entities (Identifier, EntityType) to run the action on. Supports IP Address entities.scope(string, optional): Defines the scope for the action. Defaults to “All entities”.
Returns:
dict: A dictionary containing the system information for the specified device(s).
Notes¶
Ensure the MobileIron integration is properly configured in the SOAR Marketplace tab.
Device targeting can often be done via IP Address or Device UUID.