Zimperium Mobile Threat Defense connector for Microsoft Sentinel
Zimperium Mobile Threat Defense connector gives you the ability to connect the Zimperium threat log with Microsoft Sentinel to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's mobile threat landscape and enhances your security operation capabilities.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | ZimperiumThreatLog_CL ZimperiumMitigationLog_CL |
| Data collection rules support | Not currently supported |
| Supported by | Zimperium |
Query samples
All threats with threat vector equal to Device
ZimperiumThreatLog_CL
| where threat_vector_s == "Device"
| limit 100
All threats for devices running iOS
ZimperiumThreatLog_CL
| where device_os_s == "ios"
| order by event_timestamp_s desc nulls last
View latest mitigations
ZimperiumMitigationLog_CL
| order by event_timestamp_s desc nulls last
Vendor installation instructions
Configure and connect Zimperium MTD
- In zConsole, click Manage on the navigation bar.
- Click the Integrations tab.
- Click the Threat Reporting button and then the Add Integrations button.
- Create the Integration:
- From the available integrations, select Microsoft Sentinel.
- Enter your workspace id and primary key from the fields below, click Next.
- Fill in a name for your Microsoft Sentinel integration.
- Select a Filter Level for the threat data you wish to push to Microsoft Sentinel.
- Click Finish
- For additional instructions, please refer to the Zimperium customer support portal.
Next steps
For more information, go to the related solution in the Azure Marketplace.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for