Workspace ONE Trust Network integrates threat data from security solutions including endpoint detection and response (EDR) solutions, mobile threat defense (MTD) solutions, and cloud access security brokers (CASB). This integration provides Workspace ONE Intelligence users with insights into the risks to devices and users in their environment.
Workspace ONE Intelligence displays event data for analysis in the Threats Summary module on the Security Risk dashboard.
Note: Reporting functionality for Trust Network is planned for a future release.
To integrate your Trust Network system, perform these tasks.
The Threats Summary module aggregates and displays events collected from your Trust Network services. You can find specific data by dates, event counts, and threat categories. Workspace ONE Intelligence categorizes threats into several groups to help simplify analysis and remediation.
| Threat Category | Description |
|---|---|
| Anomaly | Threats that involve an application, a device, or a network behavior that is unusual, suspicious, or abnormal. Examples include applications dropping an executable file or a privilege escalation. |
| Credential | Threats that involve the attempt to use compromised credentials in a malicious way. Examples include the reading of credentials from a security process and a running application using system credentials. |
| Device | Threats that involve using a device or other endpoint component with malicious intent. An example is an unauthorized application accessing a microphone or a camera. |
| Exfiltration | Threats that involve an attempt to carry out an unauthorized data transfer. Such a transfer can be manual and carried out by someone with physical access to a computer. It can also be automated and carried out through malicious programming over a network. |
| Exploit | Threats that involve taking advantage of a bug or vulnerability in an application or system, causing unintended behavior of that application or system. Examples include code injections and root enablers. |
| Malicious Web Host | Threats that involve an attempt to access a known malicious site or domain. Examples include spam, phishing, malware, and cryptojacking. |
| Malware | Threats that involve malicious software, intentionally designed to damage an endpoint, device, or network. Examples include ransomware, keyloggers, and spyware. |
| Network | Threats that involve a method or process used to attempt to compromise network security. Examples include man-in-the-middle attacks, port scanning, and unusual network protocols. |
| Other | Threats that do not fit into a category. |
| Policy | Threats that involve a device or endpoint breaking a company policy. Examples include installing an untrusted application and using a jailbroken or rooted device. |