mobileiron¶
About¶
Mobileiron Core is a mobile management software engine that enables IT to set policies for mobile devices, applications, and content. This product enables Mobile Device Management, Mobile Application Management, and Mobile Content Management capabilities.
Product Details¶
Vendor URL: mobileiron
Product Type: Endpoint Management
Product Tier: Tier III
Integration Method: Custom
Parser Details¶
Log Format: Syslog + KV
Expected Normalization Rate: near 100%
Data Label: MOBILEIRON
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| GENERIC_EVENT | metadata.event_type |
| "mobileiron" | metadata.vendor_name |
| "Core" | metadata.product_name |
| PRODUCT | metadata.product_version |
| word | metadata.product_event_type |
| description | metadata.description |
| errors | metadata.description |
| f_host | intermediary.ip |
| f_host | intermediary.hostname |
| PID | principal.process.pid |
| COMMAND | principal.process.command_line |
| USER | principal.user.userid |
| user | principal.user.userid |
| IPAddress | principal.ip |
| port | principal.port |
| target | target.ip |
| port | target.port |
| HTTPS | network.application_protocol |
| h_method | network.http.method |
| target_url | network.http.referral_url |
| resp_code | network.http.response_code |
Product Event Types¶
| Event | UDM Event Classification |
|---|---|
| All events | GENERIC_EVENT |
Log Sample¶
Aug 9 15:33:01 10.1.1.1 <30>0 2022-08-09T19:33:01.863717+00:00 hostname systemd 1 - [TOKEN@11058 tag=”RsyslogTLS”] PRODUCT=Core_11.5.0.0_11, Started Session cXXXX175 of user root.
Sample Parsing¶
metadata.event_type = "GENERIC_EVENT"
metadata.vendor_name = "mobileiron"
metadata.product_name = "Core"
metadata.product_version = "Core_11.5.0.0_11"
metadata.product_event_type = "systemd"
metadata.description = "Started Session cXXXX175 of user root."
intermediary.ip = "10.1.1.1"
Parser Alerting¶
This product currently does not have any Parser-based Alerting
Rules¶
Coming Soon