Introduction
This document describes the steps to perform a basic analysis and troubleshoot the XDR Device Insights and MobileIron integration.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics.
- XDR
- MobileIron
- Basic knowledge of APIs
- Postman API tool
Components Used
The information in this document is based on these software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
XDR Device Insights provides a unified view of the devices in your organization and consolidates inventories from integrated data sources.
MobileIron is an Enterprise Mobility Manager (EMM), also known as a Mobile Device Manager (MDM) or a Unified Endpoint Manager (UEM). When you integrate MobileIron with XDR, it enriches the endpoint details available in XDR device insights and the endpoint data available when you investigate incidents. When you configure the MobileIron integration, you must add a MobileIron API user in your MobileIron console and then add the MobileIron integration module in XDR.
If you want to know more about the configuration, please review the integration module details.
Troubleshoot
In order to troubleshoot common issues with the XDR and MobileIron integration, you can verify the connectivity and performance of the API.
Connectivity test with XDR Device Insights and MobileIron
You can use the Postman tool to get a more visual output while you test the connectivity.
Note: Postman is not a Cisco-developed tool. If you have a question about Postman tool functionality, please contact Postman support.
Step 1. You can select Basic Auth as an authorization method since MobileIron uses it, as shown in the image.
Step 2. You can get the tenant ID, which needs to be taken from defaultDmPartitionId, as shown in the image.
https://<MI FQDN>/api/v1/metadata/tenant
"nobodyAccountId":
"defaultDmPartitionId":
"defaultCmPartitionId":
"tenantSetupRequired": false,
"eulaRequired": false,
"systemUseNotificationRequired": false,
Step 3. You can use this API call in order to get a list of the devices (the default limit is 500 entries per page).
https://<MI FQDN>/api/v1/device/?dmPartitionId=<tenantId>
Step 4. In response to the first call, the total number of objects is returned.
Note: The row (AKA limit) and start (AKA offset) parameters can be used to get the next pages, as shown in the image.
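The four steps above as a script, added here as an example (not Cisco or MobileIron code). The `result`, `searchResults` and `totalCount` response fields, the `MI_*` environment variable names and the `fake_get` stand-in are assumptions; the `row` and `start` parameter names follow the note above and need to be confirmed against your MobileIron API reference.

```python
import base64, json, os, urllib.parse, urllib.request

PAGE_SIZE = 500                               # default page limit stated above
LIMIT_PARAM, OFFSET_PARAM = "row", "start"    # names as given in the note above

def basic_auth_header(user, password):
    """Step 1: Basic Auth header. Never log or print this value."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}

def http_get_json(url, headers):
    """GET over HTTPS; urllib verifies the server certificate by default."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def tenant_id(base, headers, get=http_get_json):
    """Step 2: tenant ID is defaultDmPartitionId ('result' envelope assumed)."""
    return get(f"{base}/api/v1/metadata/tenant", headers)["result"]["defaultDmPartitionId"]

def list_devices(base, headers, get=http_get_json, page_size=PAGE_SIZE):
    """Steps 3-4: page through the device list until the reported total is reached."""
    tid = tenant_id(base, headers, get)
    devices, total = [], None
    while total is None or len(devices) < total:
        query = urllib.parse.urlencode(
            {"dmPartitionId": tid, LIMIT_PARAM: page_size, OFFSET_PARAM: len(devices)})
        result = get(f"{base}/api/v1/device/?{query}", headers)["result"]
        total = result["totalCount"]          # assumed field name
        page = result["searchResults"]        # assumed field name
        if not page:                          # short read: stop instead of looping forever
            break
        devices.extend(page)
    return devices, total

def fake_get(url, headers, n=1203):
    """Constructed stand-in for the MobileIron API so the example runs offline."""
    parts = urllib.parse.urlsplit(url)
    if parts.path.endswith("/metadata/tenant"):
        return {"result": {"defaultDmPartitionId": 4242}}
    q = urllib.parse.parse_qs(parts.query)
    start, rows = int(q[OFFSET_PARAM][0]), int(q[LIMIT_PARAM][0])
    ids = range(start, min(start + rows, n))
    return {"result": {"totalCount": n, "searchResults": [{"id": i} for i in ids]}}

if __name__ == "__main__":
    fqdn = os.environ.get("MI_FQDN")          # hypothetical variable names
    hdrs = basic_auth_header(os.environ.get("MI_USER", ""), os.environ.get("MI_PASSWORD", ""))
    get = http_get_json if fqdn else fake_get
    devices, total = list_devices(f"https://{fqdn or 'mi.example.invalid'}", hdrs, get)
    print(f"retrieved {len(devices)} of {total} devices")
```

If the retrieved count is lower than the reported total, the sync is stopping before the last page, which is the first thing to compare against the record count XDR shows for the source.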
Performance test with XDR Device Insights and MobileIron
Step 1. With XDR Device Insights you can monitor the API performance of each source on the Source page.
Step 2. In the Performance Over Time graph, you can hover the mouse over the bars to see the number of records retrieved and the actual duration of the sync.
Step 3. You can observe the Sync Data Over Time graph that displays changes in the number of records synchronized over time.
Step 4. For each REST API source system, the details of the last sync are displayed.
Step 5. In the case of webhook-based sources, you can see the total number of notifications for a given period of time.
Verify
Once MobileIron is added as a source to XDR Device Insights, you can see a successful REST API connection status.
- You can see the REST API connection with a green status
- Click Sync Now to trigger the initial full sync
In case the issue persists with the XDR Device Insights and MobileIron integration, please collect HAR logs from the browser and contact TAC support in order to perform a deeper analysis.