A common description of Workspace ONE Intelligence goes like this: it allows you to aggregate, correlate and automate. While this is accurate, I'd like to reverse the order, emphasizing that the solution allows you to automate, targeting this automation based on data aggregated in the Intelligence cloud. WS1 Intelligence enables ruthless automation, and that truly distinguishes it as a solution. It provides the ability to trigger automated responses across iOS, Android, Win10 and macOS devices anywhere in the world. We can finely tune and customize these actions within a WS1 UEM environment and, further, potentially extend this automation to any 3rd party solution that supports a REST API.
This post begins by exploring the built-in automation capabilities of WS1 Intelligence for WS1 UEM, Slack, and ServiceNow. Through Intelligence "Workflows," actions across these environments can be chained together to formulate a holistic response to targeted incidents or state changes. Next, this article will review how custom connectors not only allow us to finely tune these triggered responses, but also extend the reach of Intelligence automation to 3rd party SaaS apps that support a REST API. To that purpose I'll explore the use of Postman in the creation of these custom connectors, using ServiceNow as a model. Finally, I'll circle back to the data within Intelligence that triggers this glorious and ruthless automation.
Built-In Automation For WS1 UEM
Common tasks executed through the WS1 UEM console can be automated through WS1 Intelligence. Out of the box there are 28 built-in actions for UEM available within the Intelligence Workflows, anything from removing apps or profiles to enterprise and device wipes. Further, as a catch-all, there's the option to TAG devices, which opens up the possibility to achieve anything normally accessible through policies and smart groups. Below is a partial screenshot of the UEM automations built into Intelligence. The official documentation enumerates these 28 options under the section, "Automations For Workspace ONE Intelligence."
Compliance policies are still relevant; however, in terms of pure range of actions, Intelligence takes automation to the next level, allowing folks to automate pretty much anything that can be done from the UEM console. Further, these actions can be triggered by an extensive range of attributes collected in the Intelligence cloud, with hundreds of UEM-gathered device traits to choose from, let alone information gathered from Sensors or Trust Network partners.
So along with a wider range of actions we also gain the ability to drive this automation with information from the Intelligence data lake. Further, these actions can transcend the WS1 environment, extending to 3rd party apps that support REST APIs, starting with the built-in connectors for ServiceNow and Slack.
Built-In Connectors For ServiceNow And Slack
Along with WS1 UEM, there are built-in actions for ServiceNow and Slack. For ServiceNow there are options to create incidents and tickets, while for Slack you can send messages to channels and users. Enabling these integrations is simply a matter of adding base URLs and credentials to preconfigured connectors, so existing ServiceNow and Slack customers can quickly extend WS1 Intelligence goodness to these solutions. As you leverage these built-in automations within "Workflows," there are options to populate fields with relevant variables from WS1 Intelligence, as illustrated in the image below.
Chaining Automations Together With Workflows
In the example above, when a device has less than 2 gigabits of storage the user is sent an email notification through WS1, a ticket is automatically created in ServiceNow, and a message is sent to the IT team through Microsoft Teams. This not only saves time for staff but also spares the user from performance degradation. The video below includes a demonstration of Workflows and also provides a general overview of integration options between Workspace ONE and ServiceNow.
The integration with Teams in the video above was made possible by a sample custom connector that interacts with a Microsoft REST API. It's a great example of the extensibility made possible by custom connectors.
Sample Custom Connectors
Similar to the built-in connectors for Salesforce and ServiceNow, you can create custom connectors for other 3rd party applications that support REST APIs. In a nutshell, if you can execute a task in a 3rd party app with a single request through Postman, there's potential to automate that process through WS1 Intelligence. Sample custom connectors are available from the VMware Sample Exchange, under the description, Workspace ONE Intelligence Custom Connector Samples. These sample JSON files, collections that have been exported from Postman, can be directly imported into WS1 Intelligence to integrate with solutions like Jira, Salesforce and Remedy. For instance, the messaging to Microsoft Teams shown in the demo video above is achieved through a direct import of one of these samples.
While you can import these samples directly into WS1 Intelligence as is, you can also import them into Postman to take them for a test spin or tweak them out according to your needs.
Postman, a REST Client that allows you to easily develop and test out REST API calls, is what Workspace ONE Intelligence itself uses behind the scenes to execute actions defined for connectors. Fortunately, the free version of Postman available at postman.com has all the features you need to create your own custom connectors. There's an excellent overview of the tool at https://learning.postman.com/, though I'm also quite fond of this short and concise ServiceNow oriented post in ServiceNow Communities. Given the ubiquity of REST APIs throughout the Horizon and Workspace ONE stack it's a nifty tool to have lying around.
Creating Your Own Custom Connector
Creating your own custom connector begins with developing calls to the 3rd party solution's APIs through Postman. Once you have a request successfully tested you perform an export from Postman to a JSON file that's imported into Intelligence. After the import's complete you'll have access to the call within the Intelligence Workflows interface. Further details are provided in Workspace ONE Intelligence Custom Connector Samples and within the official guide under the section, Custom Connectors. To illustrate the whole process from start to finish the following is an example customization for ServiceNow.
Below is a request to ServiceNow that will create a new task under "Service Catalog." It's based on ServiceNow's Table API and its sc_task action for adding catalog task records. Accordingly, within Postman I've entered the proper URL for this call along with parameters and authorization.
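A Postman export can carry whatever was typed into the request's authorization settings, so it is worth checking the JSON file before it is shared or imported. The following is an added example, not code from the original post or from VMware: it assumes the Postman Collection v2.1 export layout, and the host name, account, password and task text in the sample are constructed placeholders.

```python
import json
import re

# Constructed sample: a Postman Collection v2.1 export holding one ServiceNow
# Table API request. Host, credentials and field values are placeholders.
SAMPLE_EXPORT = json.dumps({
    "info": {"name": "ServiceNow sc_task (sample)",
             "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"},
    "item": [{
        "name": "Create catalog task",
        "request": {
            "method": "POST",
            "auth": {"type": "basic", "basic": [
                {"key": "username", "value": "ws1.integration", "type": "string"},
                {"key": "password", "value": "Placeholder-Passw0rd", "type": "string"}]},
            "header": [{"key": "Content-Type", "value": "application/json"}],
            "url": {"raw": "https://instance.example.com/api/now/table/sc_task"},
            "body": {"mode": "raw", "raw": "{\"short_description\": \"Low storage\"}"},
        },
    }],
})

VARIABLE = re.compile(r"^\{\{[^{}]+\}\}$")  # a Postman {{variable}} reference
SECRET_KEYS = {"password", "token"}         # secret fields of basic/bearer auth

def requests_in(items):
    """Yield (name, request) for every request, descending into folders."""
    for entry in items:
        if "item" in entry:
            yield from requests_in(entry["item"])
        elif "request" in entry:
            yield entry["name"], entry["request"]

def audit_export(text):
    """Return (request name, finding) pairs to clear before sharing the file."""
    findings = []
    for name, req in requests_in(json.loads(text).get("item", [])):
        url = req.get("url", "")
        raw = url.get("raw", "") if isinstance(url, dict) else url
        if not raw.lower().startswith(("https://", "{{")):
            findings.append((name, "url is not https"))
        auth = req.get("auth") or {}
        for field in auth.get(auth.get("type", ""), []):
            if field.get("key") in SECRET_KEYS and not VARIABLE.match(str(field.get("value", ""))):
                findings.append((name, f"literal {auth['type']} {field['key']} in export"))
        for header in req.get("header", []):
            if header.get("key", "").lower() == "authorization" and not VARIABLE.match(header.get("value", "")):
                findings.append((name, "literal Authorization header in export"))
    return findings
```

Run against the sample, `audit_export(SAMPLE_EXPORT)` flags the literal basic-auth password; replacing it with a `{{variable}}` reference before exporting clears the finding.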
ServiceNow Options
A few features of ServiceNow in particular make it well suited for integration with Workspace ONE Intelligence. To begin with there's the ability to create custom REST APIs and web services. Earlier I mentioned that WS1 Intelligence is limited to leveraging single calls from Postman, without the ability to chain multiple calls in a collection. Well, we can fill in the gap by creating custom services in ServiceNow, allowing for the handling of complex logic on the ServiceNow side of the equation. A wonderful example of this is detailed in the blog post, "WS1 And ServiceNow," by David Pacold. In this post David offers a recipe for populating ServiceNow with device asset information from WS1 by creating a system web service in ServiceNow that's fed asset information from a WS1 Intelligence connector.
Another benefit to ServiceNow adoption is its REST API explorer. This utility, built right into the ServiceNow console, facilitates the exploration and testing of REST API calls. It provides the ability to test calls in real time while providing guard rails, if you will, as you explore the API's functionality. For example, to explore the Table API demonstrated in the previous section, you can open REST API explorer and select the API from an easy-to-use drop-down menu. Then, after choosing the REST operation type, it guides you through the different parameters that can be used by the API call.
Further, after selecting the parameters, you can test out the call directly from the utility with the results displayed at the bottom. If the results are desirable, you can copy the syntax of the command directly from explorer into the body of your request within Postman.
Given the convenience the REST API explorer offers, a clear path forward when working with ServiceNow is:
REST API Explorer —> Postman —> Collection_Export.json —> Custom_Connector
Okay, Now Let’s Talk About Data
Sources Of Information For The WS1 Intelligence Data Lake
While I think WS1 Intelligence has potential to benefit most use cases, to my mind, modern management is where it shines brightest. As someone who got clobbered by one worm after another throughout the 2000's, the ability to trigger a coordinated response to threat detection alone is extremely compelling. The range of visibility across modern managed devices is impressive as well. When you take the normal visibility offered through UEM, then enhance it with Sensors and Carbon Black, you're getting an awful lot of insight and perspective. If security is top of mind for Win10 and macOS users this stack is hard to beat.
Conclusion
Over the last couple years I've slowly been won over by WS1 Intelligence. I must admit, initially, I was a little bit cynical about the solution. The earlier marketing material sounded to me like the INXS song, Mediate. "It does everything that ends with 'ate'!" In my snarkier moments, I'd compare it to a Don King promotion. "You will aggregate, correlate, automate then absolutely fustigate your IT challenges!!! I don't care if your name is Kate or Nate! It will be the greatest data lake that no one can imitate! If you are into endpoint management it is your fate!!!"
However, the acquisition of Carbon Black, the introduction of Sensors and the increased relevance of modern management have made WS1 Intelligence's advantages much more obvious. Increasing SaaS adoption and the introduction of custom connectors have also enhanced its overall appeal. The ability to automate ruthlessly across managed devices and the SaaS landscape is a downright intoxicating proposition that speaks to the souls of most techies I know. We live for this stuff.