Workspace ONE Trust Network integrates threat data from security solutions including endpoint detection and response (EDR) solutions, mobile threat defense (MTD) solutions, and cloud access security brokers (CASB). This integration provides Workspace ONE Intelligence users with insights into the risks to devices and users in their environment.

Workspace ONE Intelligence displays event data for analysis in the Threats Summary module on the Security Risk dashboard.

Note: Reporting functionality for Trust Network is planned for a future release.


To integrate your Trust Network system, perform these tasks.

  1. In Workspace ONE Intelligence, register the Trust Network supported service in Integrations.
  2. View, analyze, and work with data in the Threats Summary module on the Security Risk dashboard. Note: If you see no data identified in the Threats Summary after you have configured the service in Integrations, it does not mean that the configuration is broken. It can suggest that there have been no events reported from the Trust Network service.
  3. In Automations, create a workflow using Trust Network triggers to act on threat intelligence data with available actions.

Threats Summary Categories for Trust Network

The Threats Summary module aggregates and displays events collected from your Trust Network services. You can find specific data by dates, event counts, and threat categories. Workspace ONE Intelligence categorizes threats into several groups to help simplify analysis and remediation.

Threat Category Descriptions

Threat Categories Descriptions
Anomaly Threats that involve an application, a device, or a network behavior that is unusual, suspicious, or abnormal. Examples include applications dropping an executable file or a privilege escalation.
Credential Threats that involve the attempt to use compromised credentials in a malicious way. Examples include the reading of credentials from a security process and a running application using system credentials.
Device Threats that involve using a device or other endpoint component with malicious intent. An example is an unauthorized application accesses a microphone or a camera.
Exfiltration Threats that involve an attempt to carry out an unauthorized data transfer. Such a transfer can be manual and carried out by someone with physical access to a computer. It can also be automated and carried out through malicious programming over a network.
Exploit Threats that involve taking advantage of a bug or vulnerability in an application or system, causing unintended behavior of that application or system. Examples include code injections and root enablers.
Malicious Web Host Threats that involve an attempt to access known malicious site or domain. Examples include spam, phishing, malware, and cryptojacking.
Malware Threats that involve malicious software, intentionally designed to damage an endpoint, device, or network. Examples include ransom ware, key logger, and spyware.
Network Threats that involve a method or process used to attempt to compromise network security. Examples include man-in-the-middle attacks, port scanning, and unusual network protocols.
Other Threats that do not fit into a category.
Policy Threats that involve a device or endpoint breaking a company policy. Examples include installing a untrusted application and using a jailbroken or rooted device.
check-circle-line exclamation-circle-line close-line
Scroll to top icon