Skip to content




Zimperium, Inc. is a global leader in mobile device and app security, offering real-time, on-device protection against both known and unknown threats on Android, iOS and Chromebook endpoints.

Product Details

Vendor URL: Zimperium

Product Type: Mobile security

Product Tier: Tier II

Integration Method: Syslog

Integration URL: n/a

Log Guide: n/a

Parser Details

Log Format: JSON

Expected Normalization Rate: near 100%

Data Label: Zimperium

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
threat.general.gateway_ip intermediary.ip
hostname observer.hostname
threat.story metadata.description metadata.product_event_type
event_id metadata.product_log_id
"MTD" metadata.product_name
"Zimperium" metadata.vendor_name
user_info.user_role principal.asset.attribute.roles
device_info.os_version principal.asset.platform_software.platform_version
threat.general.external_ip principal.ip
user_info.user_email principal.user.email_addresses
user_info.user_group principal.user.group_identifiers
user_info.employee_name principal.user.user_display_name
user_info.user_id principal.user.userid
threat.general.device_ip target.ip
threat.general.network_bssid target.mac
device_info.jailbroken additional.fields
device_info.usb_debugging_enabled additional.fields
device_info.developer_options_on additional.fields
device_info.disk_not_encrypted additional.fields
device_info.lock_screen_unprotected additional.fields
device_info.stagefright_vulnerable additional.fields
threat.story security_result.description
record.file_name security_result.about.file.names security_result.summary
threat.general.threat_type security_result.threat_name
severity security_result.severity
severity security_result.severity_details

Product Event Types

Product Event Description UDM Event
All All events GENERIC_EVENT

Log Sample

<14>1 09 21 2022 15:34:42 UTC hostname {"system_token": "token", "severity": 1, "event_id": "id", "forensics": {"os": 1, "_id": {"$oid": ""}, "type": 100, "zdid": "", "general": [{"val": "09 21 2022 15:34:41 UTC", "name": "Device Time"}, {"val": "", "name": "Action Triggered"}, {"val": "Inactive Device", "name": "Threat Type"}], "event_id": "eventID", "severity": "LOW", "attack_time": {"$date": 1663774481000}, "threat_uuid": "uuid"}, "mitigated": false, "location": null, "eventtimestamp": "09 21 2022 15:34:42 UTC", "user_info": {"user_id": "userid", "user_group": "MTD-Devices", "user_role": "End User", "user_email": "", "employee_name": "Jane Doe"}, "device_info": {"zdid": "id", "zapp_instance_id": "id", "device_time": "09 21 2022 15:34:42 UTC", "tag1": "", "tag2": "", "imei": "", "device_id": "id", "mdm_id": "", "mam_id": null, "type": "iPhone11,8", "app": "MobileIron", "jailbroken": false, "os_version": "15.6.1", "operator": "Verizon", "model": "iPhone", "app_version": "12.11.71", "os": "iOS", "usb_debugging_enabled": false, "developer_options_on": false, "disk_not_encrypted": false, "lock_screen_unprotected": false, "stagefright_vulnerable": false}, "threat": {"story": "Device is dormant. It is recommended to contact the user to reactivate the app.", "name": "Inactive App", "category": ["Singular"], "mitre_tactics": [], "threat_uuid": "uuid", "child_threat_uuids": [], "general": {"device_time": "09 21 2022 15:34:41 UTC", "action_triggered": "", "threat_type": "Inactive Device"}}}

Sample Parsing

metadata.product_log_id = "id"
metadata.event_timestamp = 1663862136
metadata.event_type = GENERIC_EVENT
metadata.vendor_name = "Zimperium
metadata.product_name = "MTD"
metadata.product_event_type = "Inactive App"
metadata.description = "Device is dormant. It is recommended to contact the user to reactivate the app."
additional.fields.key = "Developer Options On"
additional.fields.value = "false"
additional.fields.key = "Disk Not Encrypted"
additional.fields.value = "false"
additional.fields.key = "Jailbroken"
additional.fields.value = "false"
additional.fields.key = "Lock Screen Unprotected"
additional.fields.value = "false"
additional.fields.key = "Stagefright Vulnerable"
additional.fields.value = "false"
additional.fields.key = "USB Debugging Enabled"
additional.fields.value = "false"
principal.user.userid = "userid"
principal.user.user_display_name = "Jane Doe"
principal.user.group_identifiers = "MTD-Devices"
principal.user.email_addresses = ""
principal.asset.platform_software.platform_version = "15.6.1" = "MobileIron" = "12.11.71" = "End User"
observer.hostname = "hostname"
security_result.threat_name: "Inactive Device"
security_result.summary: "Inactive App"
security_result.description: "Device is dormant. It is recommended to contact the user to reactivate the app."
security_result.severity: LOW
security_result.severity_details: "1"

Parser Alerting

This product currently does not have any Parser-based Alerting


Coming Soon