Configuring the BlueApp for MobileIron Threat Defense

Role Availability Read-Only Investigator Analyst Manager

Mobile Iron Configuration

To configure the BlueApp for MobileIron Threat Defense in USM Anywhere, you need the following:

  • Your MobileIron zConsole API key
  • Your MobileIron zConsole host URL
  • Your MobleIron Cloud host URL
  • A MobileIron Cloud user account with full role permissions.

Note: The BlueApp for MobileIron Threat Defense only processes events generated from devices that have the MobileIron Go app installed. Events generated from the Zimperium zIPS app will cause duplicated events in USM Anywhere, but because these events do not contain a Mobile Iron Threat Defense identifier, the BlueApp for MobileIron Threat Defense cannot process these events.

Obtain a MobileIron zConsole API Key

To obtain an API key for MobileIron Threat Defense, you need to log into the MobileIron Technical Support page and create an API key request. It will be mailed to you.

Create a New User in MobileIron Cloud

You need a user with full role permissions to connect the BlueApp for MobileIron Threat Defense to your USM Anywhere instance.

To set up your MobileIron Cloud user account with full role permissions

  1. Log in to MobileIron Cloud.
  2. Click the Users tab to open the Users page.
  3. Click Add and select Single User from the dropdown menu.
  4. Enter a name and email address for the new account and click Done.
  5. On the Users page, click the checkbox next to the new user you created.
  6. Click Actions and select Assign Roles from the dropdown menu to grant permissions to the new role.
  7. In the Assign section of the window, select the All checkbox to allow the user full role permissions.

To enable the BlueApp for MobileIron Threat Defense

  1. In USM Anywhere, go to Data Sources > BlueApps.
  2. Click the Available Apps tab.
  3. Search for the BlueApp, and then click the tile.
  4. Click Configure API.

  5. If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled BlueApp.

    BlueApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor, so it is important to make sure the sensor has network access to the BlueApp API endpoints.

  6. Enter the Management URL, Username, and API Token.

  7. Check Allow Creation of New Assets to allow Mobile Iron scans to create new assets in USM Anywhere.

    Check Allow Merging of Existing Assets to allow USM Anywhere to run a match against the Mobile Iron identification to merge the assets found with existing USM Anywhere assets.

    See BlueApp for MobileIron Threat Defense Asset Discovery and Management for more details on the asset creation and merging processes.

  8. Click Save.

BlueApp Log Collection

Once the BlueApp has been configured, you can choose to have USM Anywhere collect logs from the app on a regular basis.

To configure log collection for the BlueApp

  1. Go to Settings > Scheduler.
  2. In the Job Scheduler, search for the BlueApp on the sensor to which it was deployed.

  3. In the enabled column, click the icon for the inactive collection job.

    The icon turns green, and collection is enabled.

  4. (Optional.) Click the icon to customize the frequency of the event collection.