From 2fb7ba5b1a178c3360d5e6874ef55b80ea14f4ed Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 27 Jan 2025 11:09:11 +0530 Subject: [PATCH 01/12] VMware Workspace ONE (apps) --- blog-service/2025-01-28-apps.md | 14 ++ cid-redirects.json | 1 + .../product-list/product-list-m-z.md | 2 +- docs/integrations/saas-cloud/index.md | 6 + .../saas-cloud/vmware-workspace-one.md | 207 ++++++++++++++++++ sidebars.ts | 1 + 6 files changed, 230 insertions(+), 1 deletion(-) create mode 100644 blog-service/2025-01-28-apps.md create mode 100644 docs/integrations/saas-cloud/vmware-workspace-one.md diff --git a/blog-service/2025-01-28-apps.md b/blog-service/2025-01-28-apps.md new file mode 100644 index 0000000000..73e288ec63 --- /dev/null +++ b/blog-service/2025-01-28-apps.md @@ -0,0 +1,14 @@ +--- +title: VMware Workspace ONE (Apps) +image: https://help.sumologic.com/img/sumo-square.png +keywords: + - apps + - vmware-workspace-one +hide_table_of_contents: true +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +icon + +We're excited to introduce the new VMware Workspace ONE app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud VMware Workspace ONE source that collects audit logs data from the VMware Workspace ONE platform. This app helps security analysts monitor device compliance, encryption, and security status, offering a powerful solution for analysing spot risks, enforce policies, and keep devices secure. [Learn more](/docs/integrations/saas-cloud/vmware-workspace-one/). \ No newline at end of file diff --git a/cid-redirects.json b/cid-redirects.json index 7c9000ff77..10e63a0385 100644 --- a/cid-redirects.json +++ b/cid-redirects.json @@ -1602,6 +1602,7 @@ "/cid/10207": "/docs/integrations/saas-cloud/symantec-endpoint-security-service", "/cid/10197": "/docs/integrations/saas-cloud/symantec-web-security-service", "/cid/6016": "/docs/integrations/saas-cloud/trend-micro-vision-one", + "/cid/6024": "/docs/integrations/saas-cloud/vmware-workspace-one", "/cid/10112": "/docs/integrations/app-development/jfrog-xray", "/cid/10113": "/docs/observability/root-cause-explorer", "/cid/10116": "/docs/manage/fields", diff --git a/docs/integrations/product-list/product-list-m-z.md b/docs/integrations/product-list/product-list-m-z.md index 1fe816c309..86622e58a6 100644 --- a/docs/integrations/product-list/product-list-m-z.md +++ b/docs/integrations/product-list/product-list-m-z.md @@ -203,7 +203,7 @@ For descriptions of the different types of integrations Sumo Logic offers, see [ | Thumbnail icon | [Vectra](https://www.vectra.ai/) | Automation integration: [Vectra](/docs/platform-services/automation-service/app-central/integrations/vectra/)
Cloud SIEM integration: [Vectra](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/7a3d1a5c-ba67-4597-971f-7057e8f6c8bb.md) | | Thumbnail icon | [VirusTotal](https://www.virustotal.com/) | Automation integration: [VirusTotal](/docs/platform-services/automation-service/app-central/integrations/virustotal/) | | Thumbnail icon | [VMRay](https://www.vmray.com/) | Automation integration: [VMRay](/docs/platform-services/automation-service/app-central/integrations/vmray/) | -| Thumbnail icon | [VMware](https://www.vmware.com/) | Apps:
- [Carbon Black Cloud](/docs/integrations/security-threat-detection/carbon-black-cloud/)
- [VMware](/docs/integrations/containers-orchestration/vmware/)
- [VMware Legacy](/docs/integrations/containers-orchestration/vmware-legacy/)
- [VMware Carbon Black](/docs/integrations/security-threat-detection/vmware-carbon-black/)
- [VMWare - OpenTelemetry Collector](/docs/integrations/containers-orchestration/opentelemetry/vmware-opentelemetry/)
Automation integrations:
- [Lastline Analyst](/docs/platform-services/automation-service/app-central/integrations/lastline-analyst/)
- [VMware Carbon Black Cloud Endpoint Standard](/docs/platform-services/automation-service/app-central/integrations/vmware-carbon-black-cloud-endpoint-standard/)
- [VMware Carbon Black Cloud Endpoint Standard V2](/docs/platform-services/automation-service/app-central/integrations/vmware-carbon-black-cloud-endpoint-standard-v2/)
- [VMware Carbon Black Cloud Enterprise EDR](/docs/platform-services/automation-service/app-central/integrations/vmware-carbon-black-cloud-enterprise-edr/)
- [VMware Carbon Black Cloud Platform](/docs/platform-services/automation-service/app-central/integrations/vmware-carbon-black-cloud-platform/)
- [VMware vSphere](/docs/platform-services/automation-service/app-central/integrations/vmware-vsphere/)
- [VMware Workspace ONE](/docs/platform-services/automation-service/app-central/integrations/vmware-workspace-one/)
Cloud SIEM integrations:
- [Carbon Black](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/c2ea2e5e-92f2-49e8-9812-64e60dba63a2.md)
- [VMware](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/fbf25b91-89f1-45c4-903d-664b328bc6e0.md)
Collectors:
- [Carbon Black Cloud Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source/)
- [Carbon Black Inventory Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source/)
- [Carbon Black Cloud - Cloud SIEM](/docs/cse/ingestion/ingestion-sources-for-cloud-siem/carbon-black/)
- [Collect Metrics from VMware vRealize Operations Manager 8 Enterprise](/docs/send-data/collect-from-other-data-sources/collect-metrics-vrealize-operations-manager/)
- [VMware AirWatch Integration for Sumo Logic](/docs/send-data/collect-from-other-data-sources/vmware-airwatch-integration/)
- [VMware vRealize Log Insight](/docs/send-data/collect-from-other-data-sources/vmware-vrealize-log-insight/)
- [VMware Workspace One Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source/)
Partner integration: [VMware Tanzu](https://docs.vmware.com/en/Sumo-Logic-Nozzle-for-VMware-Tanzu/services/sumologic-nozzle-vmware-tanzu/index.html) | +| Thumbnail icon | [VMware](https://www.vmware.com/) | Apps:
- [Carbon Black Cloud](/docs/integrations/security-threat-detection/carbon-black-cloud/)
- [VMware](/docs/integrations/containers-orchestration/vmware/)
- [VMware Legacy](/docs/integrations/containers-orchestration/vmware-legacy/)
- [VMware Carbon Black](/docs/integrations/security-threat-detection/vmware-carbon-black/)
- [VMWare - OpenTelemetry Collector](/docs/integrations/containers-orchestration/opentelemetry/vmware-opentelemetry/)
- [VMware Workspace ONE](/docs/integrations/saas-cloud/vmware-workspace-one/)
Automation integrations:
- [Lastline Analyst](/docs/platform-services/automation-service/app-central/integrations/lastline-analyst/)
- [VMware Carbon Black Cloud Endpoint Standard](/docs/platform-services/automation-service/app-central/integrations/vmware-carbon-black-cloud-endpoint-standard/)
- [VMware Carbon Black Cloud Endpoint Standard V2](/docs/platform-services/automation-service/app-central/integrations/vmware-carbon-black-cloud-endpoint-standard-v2/)
- [VMware Carbon Black Cloud Enterprise EDR](/docs/platform-services/automation-service/app-central/integrations/vmware-carbon-black-cloud-enterprise-edr/)
- [VMware Carbon Black Cloud Platform](/docs/platform-services/automation-service/app-central/integrations/vmware-carbon-black-cloud-platform/)
- [VMware vSphere](/docs/platform-services/automation-service/app-central/integrations/vmware-vsphere/)
- [VMware Workspace ONE](/docs/platform-services/automation-service/app-central/integrations/vmware-workspace-one/)
Cloud SIEM integrations:
- [Carbon Black](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/c2ea2e5e-92f2-49e8-9812-64e60dba63a2.md)
- [VMware](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/fbf25b91-89f1-45c4-903d-664b328bc6e0.md)
Collectors:
- [Carbon Black Cloud Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source/)
- [Carbon Black Inventory Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-inventory-source/)
- [Carbon Black Cloud - Cloud SIEM](/docs/cse/ingestion/ingestion-sources-for-cloud-siem/carbon-black/)
- [Collect Metrics from VMware vRealize Operations Manager 8 Enterprise](/docs/send-data/collect-from-other-data-sources/collect-metrics-vrealize-operations-manager/)
- [VMware AirWatch Integration for Sumo Logic](/docs/send-data/collect-from-other-data-sources/vmware-airwatch-integration/)
- [VMware vRealize Log Insight](/docs/send-data/collect-from-other-data-sources/vmware-vrealize-log-insight/)
- [VMware Workspace One Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source/)
Partner integration: [VMware Tanzu](https://docs.vmware.com/en/Sumo-Logic-Nozzle-for-VMware-Tanzu/services/sumologic-nozzle-vmware-tanzu/index.html) | | Thumbnail icon | [Votiro](https://votiro.com/) | Partner integration: [Votiro](https://github.com/SumoLogic/sumologic-public-partner-apps/tree/master/Votiro#votiro) | ## W diff --git a/docs/integrations/saas-cloud/index.md b/docs/integrations/saas-cloud/index.md index 0f0944ec49..8df96ad144 100644 --- a/docs/integrations/saas-cloud/index.md +++ b/docs/integrations/saas-cloud/index.md @@ -327,6 +327,12 @@ Learn about the Sumo Logic apps for SaaS and Cloud applications.

Analyze alert logs to detect potential security risks.

+
+
+ icon

VMware Workspace ONE

 +

Analyze device compliance, encryption, and security status to spot risks and keep devices secure.

+
+
icon

Webex

 diff --git a/docs/integrations/saas-cloud/vmware-workspace-one.md b/docs/integrations/saas-cloud/vmware-workspace-one.md new file mode 100644 index 0000000000..1bea0f1009 --- /dev/null +++ b/docs/integrations/saas-cloud/vmware-workspace-one.md @@ -0,0 +1,207 @@ +--- +id: vmware-workspace-one +title: VMware Workspace ONE +sidebar_label: VMware Workspace ONE +description: The VMware Workspace ONE app for Sumo Logic helps security analysts monitor device compliance, encryption, and security status, offering a powerful solution for analysing spot risks, enforce policies, and keep devices secure. +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +vmware-workspace-one-logo + +The Sumo Logic App for VMware Workspace ONE helps security analysts monitor device compliance, encryption, and security status. It offers dashboards that show non-compliant or compromised device, and data encryption gaps. Geolocation panels track device locations and flag roaming in restricted areas. Out-of-the-box alerts notify analysts about security issues like compromised devices, non-compliance, and unauthorized roaming. These features help analysts spot address risks, enforce security policies, and maintain a secure enterprise device ecosystem. + +:::info +This app includes [built-in monitors](#vmware-workspace-one-monitors). For details on creating custom monitors, refer to the [Create monitors for VMware Workspace ONE app](#create-monitors-for-the-vmware-workspace-one-app). +::: + +## Log types + +This app uses Sumo Logic’s VMware Workspace ONE Source to collect [audit logs](https://help.sumologic.com/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source/) from the VMware Workspace ONE platform. + +## Sample log message + +
+Audit Log + +```json +{ + "AcLineStatus": 1, + "AssetNumber": "827BE1C5AEC05C378C61C44103E9D3FCB2EC354D", + "AvailableDeviceCapacity": 1, + "AvailablePhysicalMemory": 4, + "BatteryLevel": "abcd", + "ComplianceStatus": "NonCompliant", + "ComplianceSummary": { + "DeviceCompliance": [ + { + "ActionTaken": [ + { + "ActionType": 0 + } + ], + "CompliantStatus": true, + "Id": { + "Value": 1 + }, + "LastComplianceCheck": "2025-01-15T03:15:26.8528889+01:00", + "NextComplianceCheck": "2025-01-15T03:01:26.8528889+01:00", + "PolicyDetail": "compliance policy for device compromised status including application list contains rule", + "PolicyName": "application list compliance policy", + "Uuid": "2851e9e5-2084-433c-a741-dae0856295ff" + } + ] + }, + "CompromisedStatus": true, + "DataEncryptionYN": "N", + "DataProtectionStatus": 5, + "DepTokenSource": 0, + "DeviceCapacity": 1, + "DeviceCellularNetworkInfo": [ + { + "CardId": "Text value", + "CarrierName": "Text value", + "DeviceMCC": { + + }, + "IsRoaming": true, + "PhoneNumber": "Text value" + } + ], + "DeviceFriendlyName": "users iPhone iOS 10.3.2 ", + "DeviceMCC": { + "CurrentMCC": "Text value", + "SIMMCC": "Text value" + }, + "DeviceManufacturerId": 1, + "DeviceNetworkInfo": [ + { + "ConnectionType": "Text value", + "IPAddress": "221.192.199.49", + "MACAddress": "Text value", + "Name": "Text value", + "Vendor": "Text value" + } + ], + "DeviceReportedName": "5CD6473R77 - Demo HP Chromebook", + "EasId": "6Q93UFOQ7H0K39JPMFPTEMJQ3K", + "EnrolledViaDEP": true, + "EnrollmentStatus": "Enrolled", + "EnrollmentUserUuid": "00000000-0000-0000-0000-000000000000", + "HostName": "zs-MacBook-Air", + "Id": { + "Value": 0 + }, + "Imei": "356766060039613", + "IsActivationLockEnabled": true, + "IsCloudBackupEnabled": true, + "IsDeviceDNDEnabled": true, + "IsDeviceLocatorEnabled": true, + "IsNetworkTethered": true, + "IsRemoteManagementEnabled": "abcd", + "IsRoaming": true, + "IsSecurityPatchUpdate": true, + "IsSupervised": true, + "LastBluetoothSampleTime": "2022-06-03T03:01:26.8528889+01:00", + "LastComplianceCheckOn": "2022-06-03T03:01:26.8528889+01:00", + "LastCompromisedCheckOn": "2022-06-03T03:01:26.8528889+01:00", + "LastEnrolledOn": "2022-06-03T03:01:26.8528889+01:00", + "LastNetworkLANSampleTime": "2022-06-03T03:01:26.8528889+01:00", + "LastSeen": "2022-06-03T03:01:26.8528889+01:00", + "LastSystemSampleTime": "2022-06-03T03:01:26.8528889+01:00", + "LocalHostName": "zs-MacBook-Air.mshome.net", + "LocationGroupId": { + "Name": "Text value", + "Uuid": "6d82a40e-dcc1-46de-9fc2-33c9ad2f8797" + }, + "LocationGroupName": "locationgroup1", + "MacAddress": "485A3F880798", + "ManagedBy": 0, + "Model": "iPhone", + "ModelId": { + + }, + "OEMInfo": "Samsung", + "OSBuildVersion": "17G65", + "OperatingSystem": "10.3.2", + "Ownership": "C", + "PhoneNumber": "+14045550100", + "Platform": "Apple", + "PlatformId": { + + }, + "ProcessorArchitecture": 5, + "SecurityPatchDate": "2022-06-03T03:01:26.8629122+01:00", + "SerialNumber": "R51G844T90R", + "SystemIntegrityProtectionEnabled": true, + "SystemUpdateReceivedTime": "2022-06-03T03:01:26.8629122+01:00", + "TotalPhysicalMemory": 3, + "Udid": "827BE1C5AEC05C378C61C44103E9D3FCB2EC354D", + "UserApprovedEnrollment": true, + "UserEmailAddress": "user1@vmware.com", + "UserId": { + + }, + "UserName": "user1", + "Uuid": "8a2ca18c-8b1c-4783-bc18-2ccb61110e4f", + "VirtualMemory": 2, + "WifiSsid": "guest" +} +``` +
+ +## Sample queries + +```sql title="Total Devices" +_sourcecategory = "VMWare" +| json "Ownership", "UserEmailAddress", "IsDeviceDNDEnabled", "LocationGroupName", "Imei", "SystemIntegrityProtectionEnabled", "DeviceFriendlyName", "ProcessorArchitecture", "IsRoaming", "ComplianceStatus", "UserName", "LastComplianceCheckOn", "IsDeviceLocatorEnabled", "HostName", "IsCloudBackupEnabled", "LastEnrolledOn", "DeviceReportedName", "SerialNumber", "IsActivationLockEnabled", "CompromisedStatus", "OperatingSystem", "Model", "DataProtectionStatus", "SecurityPatchDate", "LocalHostName", "IsSupervised", "Platform", "LocationGroupId.Name", "OSBuildVersion", "TotalPhysicalMemory", "OEMInfo", "LastCompromisedCheckOn", "UserId.Uuid", "UserId.Name", "EnrollmentStatus", "DataEncryptionYN" as ownership,user_email, is_dnd_enabled, location_group_name, imei, is_system_protection_enabled, device_name, architecture, is_roaming, compliance_status, user_name, last_compliance_checked_on, is_device_location_enabled, hostname, is_cloud_backup_enabled, last_enrolled_on, device_reported_name, serial_number, is_activation_lock_enabled, compromised_status, os, model, data_protection_status, security_patch_date, local_hostname, is_supervised, platform, location_groupid_name, os_build_version, total_physical_mem, oem_info, last_compromised_checked_on, uuid, user_name1, entrollment_status, data_encryption nodrop +| json "DeviceNetworkInfo[0].IPAddress" as ip nodrop +``` + +## Set up collection + +To set up the [VMware Workspace ONE Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source) for the VMware Workspace ONE app, follow the instructions provided. These instructions will guide you through the process of creating a source using the VMware Workspace ONE Source category, which you will need to use when installing the app. By following these steps, you can ensure that your VMware Workspace ONE app is properly integrated and configured to collect and analyze your Alerts data. + +## Installing the VMware Workspace ONE app​ + +import AppInstall2 from '../../reuse/apps/app-install-v2.md'; + + + +## Viewing the VMware Workspace ONE dashboards​​ + +import ViewDashboards from '../../reuse/apps/view-dashboards.md'; + + + +### Overview + +The **VMware Workspace ONE - Overview** dashboard provides detils on compromised statuses, gaps in data encryption, device compliance, and geographical distribution of devices. This dashboards provides insights into non-compliant devices and users, compromised devices and users, and non data encrypted devices and users. Geolocation panels provide visibility into device locations and highlight roaming in embargoed regions.
VMware-Workspace-ONE-Overview + +## Create monitors for the VMware Workspace ONE app + +import CreateMonitors from '../../reuse/apps/create-monitors.md'; + + + +### VMware Workspace ONE monitors + +The VMware Workspace ONE monitors serve as a security tool, concentrating on observing essential operations and unusual occurrences within the VMware Workspace ONE Platform. These notifications offer instantaneous insight into significant events, allowing security personnel to swiftly react to deviations or breaches. + +| Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition | +|:--|:--|:--|:--| +| `Compromised Devices` | This monitor identifies devices marked as compromised in Workspace ONE. It monitors the `compromised_status` field to trigger when devices are flagged as compromised, enabling analysts to take immediate action to secure affected devices. | Critical | Count > 0 | +| `Non-Compliance Devices` | This monitor detects devices that fail to meet compliance standards based on the `compliance_status` field. It helps ensure devices adhere to organizational policies and regulatory requirements. | Critical | Count > 0| +| `Roaming Devices from Embargoed Countries` | This monitor tracks devices roaming in restricted or embargoed regions. It assists in mitigating risks associated with unauthorized device movement in high-risk areas. | Critical | Count > 0| + +## Upgrading/Downgrading the VMware Workspace ONE app (Optional) + +import AppUpdate from '../../reuse/apps/app-update.md'; + + + +## Uninstalling the VMware Workspace ONE app (Optional) + +import AppUninstall from '../../reuse/apps/app-uninstall.md'; + + diff --git a/sidebars.ts b/sidebars.ts index b6903b061d..3687a9da5b 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -2493,6 +2493,7 @@ integrations: [ 'integrations/saas-cloud/symantec-web-security-service', 'integrations/saas-cloud/tenable', 'integrations/saas-cloud/trend-micro-vision-one', + 'integrations/saas-cloud/vmware-workspace-one', 'integrations/saas-cloud/webex', 'integrations/saas-cloud/workday', 'integrations/saas-cloud/zendesk', From e857b36bfd0246306d1c26a9af2c7c9275484f9d Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 27 Jan 2025 12:43:25 +0530 Subject: [PATCH 02/12] Update blog-service/2025-01-28-apps.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- blog-service/2025-01-28-apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blog-service/2025-01-28-apps.md b/blog-service/2025-01-28-apps.md index 73e288ec63..98a5482bc9 100644 --- a/blog-service/2025-01-28-apps.md +++ b/blog-service/2025-01-28-apps.md @@ -11,4 +11,4 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; icon -We're excited to introduce the new VMware Workspace ONE app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud VMware Workspace ONE source that collects audit logs data from the VMware Workspace ONE platform. This app helps security analysts monitor device compliance, encryption, and security status, offering a powerful solution for analysing spot risks, enforce policies, and keep devices secure. [Learn more](/docs/integrations/saas-cloud/vmware-workspace-one/). \ No newline at end of file +We're excited to introduce the new VMware Workspace ONE app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud VMware Workspace ONE source that collects audit logs data from the VMware Workspace ONE platform. This app helps security analysts monitor device compliance, encryption, and overall security status, offering a powerful solution for effective risk analysis, policy enforcement, and device security. [Learn more](/docs/integrations/saas-cloud/vmware-workspace-one/). \ No newline at end of file From 9fbb7a281563b8ff155191fc53c6caafe6d73751 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 27 Jan 2025 12:43:39 +0530 Subject: [PATCH 03/12] Update docs/integrations/saas-cloud/vmware-workspace-one.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/saas-cloud/vmware-workspace-one.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/saas-cloud/vmware-workspace-one.md b/docs/integrations/saas-cloud/vmware-workspace-one.md index 1bea0f1009..7fa169ae53 100644 --- a/docs/integrations/saas-cloud/vmware-workspace-one.md +++ b/docs/integrations/saas-cloud/vmware-workspace-one.md @@ -2,7 +2,7 @@ id: vmware-workspace-one title: VMware Workspace ONE sidebar_label: VMware Workspace ONE -description: The VMware Workspace ONE app for Sumo Logic helps security analysts monitor device compliance, encryption, and security status, offering a powerful solution for analysing spot risks, enforce policies, and keep devices secure. +description: The VMware Workspace ONE app for Sumo Logic helps security analysts with valuable insights into various security and compliance aspects. --- import useBaseUrl from '@docusaurus/useBaseUrl'; From 359a1e2d22aec9c9b7da4ec1b517d11d587599f2 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 27 Jan 2025 12:43:53 +0530 Subject: [PATCH 04/12] Update docs/integrations/saas-cloud/vmware-workspace-one.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/saas-cloud/vmware-workspace-one.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/integrations/saas-cloud/vmware-workspace-one.md b/docs/integrations/saas-cloud/vmware-workspace-one.md index 7fa169ae53..6fe9eae1ee 100644 --- a/docs/integrations/saas-cloud/vmware-workspace-one.md +++ b/docs/integrations/saas-cloud/vmware-workspace-one.md @@ -9,7 +9,9 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; vmware-workspace-one-logo -The Sumo Logic App for VMware Workspace ONE helps security analysts monitor device compliance, encryption, and security status. It offers dashboards that show non-compliant or compromised device, and data encryption gaps. Geolocation panels track device locations and flag roaming in restricted areas. Out-of-the-box alerts notify analysts about security issues like compromised devices, non-compliance, and unauthorized roaming. These features help analysts spot address risks, enforce security policies, and maintain a secure enterprise device ecosystem. +The Sumo Logic app for VMware Workspace ONE helps security analysts in monitoring device compliance, encryption, and overall security status. It provides dashboards that display non-compliant or compromised devices, along with data encryption deficiencies. Additionally, geolocation panels track device locations and identify instances of roaming in restricted areas. + +The app includes out-of-the-box alerts that notify analysts about critical security issues, such as compromised devices, non-compliance, and unauthorized roaming. These features enable analysts to identify and address risks, enforce security policies, and maintain a secure ecosystem for enterprise devices. :::info This app includes [built-in monitors](#vmware-workspace-one-monitors). For details on creating custom monitors, refer to the [Create monitors for VMware Workspace ONE app](#create-monitors-for-the-vmware-workspace-one-app). From 3656ec4453ce808837b6cdc36d03abb490534528 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 27 Jan 2025 12:44:10 +0530 Subject: [PATCH 05/12] Update docs/integrations/saas-cloud/vmware-workspace-one.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/saas-cloud/vmware-workspace-one.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/saas-cloud/vmware-workspace-one.md b/docs/integrations/saas-cloud/vmware-workspace-one.md index 6fe9eae1ee..7743bfea28 100644 --- a/docs/integrations/saas-cloud/vmware-workspace-one.md +++ b/docs/integrations/saas-cloud/vmware-workspace-one.md @@ -194,7 +194,7 @@ The VMware Workspace ONE monitors serve as a security tool, concentrating on obs |:--|:--|:--|:--| | `Compromised Devices` | This monitor identifies devices marked as compromised in Workspace ONE. It monitors the `compromised_status` field to trigger when devices are flagged as compromised, enabling analysts to take immediate action to secure affected devices. | Critical | Count > 0 | | `Non-Compliance Devices` | This monitor detects devices that fail to meet compliance standards based on the `compliance_status` field. It helps ensure devices adhere to organizational policies and regulatory requirements. | Critical | Count > 0| -| `Roaming Devices from Embargoed Countries` | This monitor tracks devices roaming in restricted or embargoed regions. It assists in mitigating risks associated with unauthorized device movement in high-risk areas. | Critical | Count > 0| +| `Roaming Devices from Embargoed Countries` | This alert activates when devices are identified roaming in restricted or embargoed regions. It helps mitigate risks linked to unauthorized device movement in high-risk areas. | Critical | Count > 0| ## Upgrading/Downgrading the VMware Workspace ONE app (Optional) From 1409de01583fd4a9e6804604ad0a5038db379796 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 27 Jan 2025 12:44:18 +0530 Subject: [PATCH 06/12] Update docs/integrations/saas-cloud/vmware-workspace-one.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/saas-cloud/vmware-workspace-one.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/saas-cloud/vmware-workspace-one.md b/docs/integrations/saas-cloud/vmware-workspace-one.md index 7743bfea28..d78ab3c011 100644 --- a/docs/integrations/saas-cloud/vmware-workspace-one.md +++ b/docs/integrations/saas-cloud/vmware-workspace-one.md @@ -193,7 +193,7 @@ The VMware Workspace ONE monitors serve as a security tool, concentrating on obs | Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition | |:--|:--|:--|:--| | `Compromised Devices` | This monitor identifies devices marked as compromised in Workspace ONE. It monitors the `compromised_status` field to trigger when devices are flagged as compromised, enabling analysts to take immediate action to secure affected devices. | Critical | Count > 0 | -| `Non-Compliance Devices` | This monitor detects devices that fail to meet compliance standards based on the `compliance_status` field. It helps ensure devices adhere to organizational policies and regulatory requirements. | Critical | Count > 0| +| `Non-Compliance Devices` | This alert is triggered when devices do not meet compliance standards as indicated by the `compliance_status` field. It ensures that devices adhere to organizational policies and regulatory requirements. | Critical | Count > 0| | `Roaming Devices from Embargoed Countries` | This alert activates when devices are identified roaming in restricted or embargoed regions. It helps mitigate risks linked to unauthorized device movement in high-risk areas. | Critical | Count > 0| ## Upgrading/Downgrading the VMware Workspace ONE app (Optional) From f073e3bc23204293831da1fb6ae0387c14a2b659 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 27 Jan 2025 12:44:28 +0530 Subject: [PATCH 07/12] Update docs/integrations/saas-cloud/vmware-workspace-one.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/saas-cloud/vmware-workspace-one.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/saas-cloud/vmware-workspace-one.md b/docs/integrations/saas-cloud/vmware-workspace-one.md index d78ab3c011..e5d0c3a8d4 100644 --- a/docs/integrations/saas-cloud/vmware-workspace-one.md +++ b/docs/integrations/saas-cloud/vmware-workspace-one.md @@ -192,7 +192,7 @@ The VMware Workspace ONE monitors serve as a security tool, concentrating on obs | Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition | |:--|:--|:--|:--| -| `Compromised Devices` | This monitor identifies devices marked as compromised in Workspace ONE. It monitors the `compromised_status` field to trigger when devices are flagged as compromised, enabling analysts to take immediate action to secure affected devices. | Critical | Count > 0 | +| `Compromised Devices` | This alert is triggered when any devices marked as compromised in Workspace ONE are identified. It monitors the `compromised_status` field to initiate actions when devices are flagged, allowing analysts to promptly secure affected devices.| Critical | Count > 0 | | `Non-Compliance Devices` | This alert is triggered when devices do not meet compliance standards as indicated by the `compliance_status` field. It ensures that devices adhere to organizational policies and regulatory requirements. | Critical | Count > 0| | `Roaming Devices from Embargoed Countries` | This alert activates when devices are identified roaming in restricted or embargoed regions. It helps mitigate risks linked to unauthorized device movement in high-risk areas. | Critical | Count > 0| From 1958caeaa3d09d359761818530b6eefce1644da9 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 27 Jan 2025 12:44:51 +0530 Subject: [PATCH 08/12] Update docs/integrations/saas-cloud/vmware-workspace-one.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/saas-cloud/vmware-workspace-one.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/saas-cloud/vmware-workspace-one.md b/docs/integrations/saas-cloud/vmware-workspace-one.md index e5d0c3a8d4..17722084ef 100644 --- a/docs/integrations/saas-cloud/vmware-workspace-one.md +++ b/docs/integrations/saas-cloud/vmware-workspace-one.md @@ -188,7 +188,7 @@ import CreateMonitors from '../../reuse/apps/create-monitors.md'; ### VMware Workspace ONE monitors -The VMware Workspace ONE monitors serve as a security tool, concentrating on observing essential operations and unusual occurrences within the VMware Workspace ONE Platform. These notifications offer instantaneous insight into significant events, allowing security personnel to swiftly react to deviations or breaches. +The VMware Workspace ONE monitors act as a security tool that focuses on tracking critical operations and identifying unusual activities within the VMware Workspace ONE platform. These notifications provide real-time insights into significant events, enabling security personnel to quickly respond to any deviations or breaches. | Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition | |:--|:--|:--|:--| From 1d66d26964971e852d2693cd8309276e81de143d Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 27 Jan 2025 12:45:00 +0530 Subject: [PATCH 09/12] Update docs/integrations/saas-cloud/vmware-workspace-one.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/saas-cloud/vmware-workspace-one.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/saas-cloud/vmware-workspace-one.md b/docs/integrations/saas-cloud/vmware-workspace-one.md index 17722084ef..364d06079d 100644 --- a/docs/integrations/saas-cloud/vmware-workspace-one.md +++ b/docs/integrations/saas-cloud/vmware-workspace-one.md @@ -178,7 +178,7 @@ import ViewDashboards from '../../reuse/apps/view-dashboards.md'; ### Overview -The **VMware Workspace ONE - Overview** dashboard provides detils on compromised statuses, gaps in data encryption, device compliance, and geographical distribution of devices. This dashboards provides insights into non-compliant devices and users, compromised devices and users, and non data encrypted devices and users. Geolocation panels provide visibility into device locations and highlight roaming in embargoed regions.
VMware-Workspace-ONE-Overview +The **VMware Workspace ONE - Overview** dashboard provides valuable insights into various security and compliance aspects. It displays the device information that has compromised statuses, gaps in data encryption, and device compliance. This dashboard provides insights into non-compliant devices and users, compromised devices and users, and non-data encrypted devices and users. Additionally, the geolocation panels provide a clear view of device locations and reveal any instances of roaming in restricted regions.
VMware-Workspace-ONE-Overview ## Create monitors for the VMware Workspace ONE app From 684e1ff5316eb4d8cf643e62c0c8848babc08c60 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 27 Jan 2025 12:55:12 +0530 Subject: [PATCH 10/12] updated the App install flow --- .../saas-cloud/vmware-workspace-one.md | 28 +++++++++++++++---- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/docs/integrations/saas-cloud/vmware-workspace-one.md b/docs/integrations/saas-cloud/vmware-workspace-one.md index 364d06079d..8cbd0b58ba 100644 --- a/docs/integrations/saas-cloud/vmware-workspace-one.md +++ b/docs/integrations/saas-cloud/vmware-workspace-one.md @@ -160,15 +160,33 @@ _sourcecategory = "VMWare" | json "DeviceNetworkInfo[0].IPAddress" as ip nodrop ``` -## Set up collection +## Collection configuration and app installation -To set up the [VMware Workspace ONE Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source) for the VMware Workspace ONE app, follow the instructions provided. These instructions will guide you through the process of creating a source using the VMware Workspace ONE Source category, which you will need to use when installing the app. By following these steps, you can ensure that your VMware Workspace ONE app is properly integrated and configured to collect and analyze your Alerts data. +import CollectionConfiguration from '../../reuse/apps/collection-configuration.md'; -## Installing the VMware Workspace ONE app​ + -import AppInstall2 from '../../reuse/apps/app-install-v2.md'; +:::important +Use the [Cloud-to-Cloud Integration for VMware Workspace ONE Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source) to create the source and use the same source category while installing the app. By following these steps, you can ensure that your VMware Workspace ONE app is properly integrated and configured to collect and analyze your VMware Workspace ONE data. +::: + +### Create a new collector and install the app + +import AppCollectionOPtion1 from '../../reuse/apps/app-collection-option-1.md'; + + + +### Use an existing collector and install the app + +import AppCollectionOPtion2 from '../../reuse/apps/app-collection-option-2.md'; + + + +### Use an existing source and install the app + +import AppCollectionOPtion3 from '../../reuse/apps/app-collection-option-3.md'; - + ## Viewing the VMware Workspace ONE dashboards​​ From cacbff03ca3e3a7c2abbfdc04af117335d66ef77 Mon Sep 17 00:00:00 2001 From: Jagadisha V <129049263+JV0812@users.noreply.github.com> Date: Mon, 27 Jan 2025 12:59:36 +0530 Subject: [PATCH 11/12] Update docs/integrations/saas-cloud/vmware-workspace-one.md --- docs/integrations/saas-cloud/vmware-workspace-one.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/saas-cloud/vmware-workspace-one.md b/docs/integrations/saas-cloud/vmware-workspace-one.md index 8cbd0b58ba..75617a7c41 100644 --- a/docs/integrations/saas-cloud/vmware-workspace-one.md +++ b/docs/integrations/saas-cloud/vmware-workspace-one.md @@ -212,7 +212,7 @@ The VMware Workspace ONE monitors act as a security tool that focuses on trackin |:--|:--|:--|:--| | `Compromised Devices` | This alert is triggered when any devices marked as compromised in Workspace ONE are identified. It monitors the `compromised_status` field to initiate actions when devices are flagged, allowing analysts to promptly secure affected devices.| Critical | Count > 0 | | `Non-Compliance Devices` | This alert is triggered when devices do not meet compliance standards as indicated by the `compliance_status` field. It ensures that devices adhere to organizational policies and regulatory requirements. | Critical | Count > 0| -| `Roaming Devices from Embargoed Countries` | This alert activates when devices are identified roaming in restricted or embargoed regions. It helps mitigate risks linked to unauthorized device movement in high-risk areas. | Critical | Count > 0| +| `Roaming Devices from Embargoed Countries` | This alert is triggered when devices are identified roaming in restricted or embargoed regions. It helps mitigate risks linked to unauthorized device movement in high-risk areas. | Critical | Count > 0| ## Upgrading/Downgrading the VMware Workspace ONE app (Optional) From f2c82cab07105461aa36871d2684b1e9ef563f28 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 27 Jan 2025 23:19:51 +0530 Subject: [PATCH 12/12] Update docs/integrations/saas-cloud/vmware-workspace-one.md Co-authored-by: John Pipkin (Sumo Logic) --- docs/integrations/saas-cloud/vmware-workspace-one.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/saas-cloud/vmware-workspace-one.md b/docs/integrations/saas-cloud/vmware-workspace-one.md index 75617a7c41..c12b8db274 100644 --- a/docs/integrations/saas-cloud/vmware-workspace-one.md +++ b/docs/integrations/saas-cloud/vmware-workspace-one.md @@ -19,7 +19,7 @@ This app includes [built-in monitors](#vmware-workspace-one-monitors). For detai ## Log types -This app uses Sumo Logic’s VMware Workspace ONE Source to collect [audit logs](https://help.sumologic.com/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source/) from the VMware Workspace ONE platform. +This app uses Sumo Logic’s [VMware Workspace ONE Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source/) to collect audit logs from the VMware Workspace ONE platform. ## Sample log message