Neuerungen

Automated Policy Assignment helps managing Ivanti Neurons Agent Policies across large numbers of devices with ease. Instead of manually setting up policies for each endpoint, the system automatically assigns the right policies based on device attributes such as type or location. This ensures that new and existing devices always get the security and management required.

Administrators can set up a catch-all default policy that applies to all agent endpoints on the network. Where certain devices need specific policies, it is easy to add individual device or device group exceptions and configure the exceptions to take priority. This reduces administration time and lets IT to manage more complex tasks and helps keep every device protected and compliant.

Learn more about Configuring Automated Policy Assignment.

The Azure Blob Storage SIEM Outbound Connector is now generally available.

Learn more about Azure Blob Storage SIEM-Weiterleitungsconnector.

The Splunk HTTP Event Collector (HEC) Outbound Connector is now available in technical preview. This feature enables customers to export Ivanti Neurons Audit Trails directly to Splunk Enterprise via HEC.

Learn more about Splunk HEC Connector.

• Actions in People View are now being logged and visualized in the Ivanti Neurons Audit Trail.

• Administrative tasks in Inventory Scanner Settings are now being logged and visualized in the Ivanti Neurons Audit Trail.

• Administrative tasks in Remote Control Settings are now being logged and visualized in the Ivanti Neurons Audit Trail.

External Authentication (SSO) method for the following external SSO providers:

• PingFederate Authentication (SAML)

• PingFederate Authentication (OIDC)

• ADFS Authentication (SAML): When integrating authentication with ADFS, you can also use Signed Requests and/or Encrypted Assertions.

  • Signed request are used so the Identity Provider (for example, ADFS) can verify the origin and integrity of the requests.

  • Encrypted Assertions are used so that the response from the Identity Provider, which includes user credentials, are protected from being intercepted and read by unauthorized parties

• Other IdP Authentication (SAML): A new SSO method is now added to use any other Identity Provider. If your Identity Provider is not one of those explicitly supported, this option can be used to integrate with that Identity Provider.
  The SAML protocol is supported for this option. It also allows Signed Requests and/or Encrypted Assertions to be used (requires Identity Provider support).

App Control now includes a new chart that provides insights into the applications granted permissions through the Policy Change Requests, along with actionable ROI analytics. This expanded visibility lets administrators easily correlate the number of grants with subsequent allowances and elevations.

Learn more about Policy Change Requests in App Control-Übersicht.

App Control rules support EntraID Users and Groups, enabling better security and streamlined process management. Now, the administrators can define application control policies based on EntraID (formerly Azure Active Directory) users and groups, rather than relying on local accounts or static groups.

Learn more about Configuring Entra ID.

The Neurons for App Control agent now supports custom port configuration for improved flexibility and network compatibility. This introduces BrowserAppStorePort and BrowserCommsPort settings within the Application Control configuration. Administrators have granular control over which network ports the agent uses for browser-related services and communications.

Learn more about these port settings in Konfigurationseinstellungen.

Organizations can now configure custom policies to prohibit executable files on removable media. This option allows administrators to manage policies prohibiting files, particularly executables, on removable media such as USB drives.

Learn more about the settings in Konfigurationseinstellungen.

A new monitoring setting Power State History is available in Edge Intelligence settings. When the setting is enabled on a device, it tracks the various power states over time, allowing you to see when devices are On, Off, in Sleep, or Hibernate mode.

Learn more about Power State History in Edge Intelligence-Einstellungen.

An additional monitoring setting is introduced for the existing Ivanti Application Monitor functionality. This setting is available in Edge Intelligence settings and allows you to enable or disable the monitoring feature as required. The Ivanti Application Monitor component is installed or uninstalled when Edge Intelligence is the only service subscribing or subscribed to it.

Learn more about Application Monitor in Edge Intelligence-Einstellungen and KB article.

Auf den Seiten zur Angriffsoberfläche in Ivanti Neurons werden zunächst keine Daten angezeigt. Sie müssen zuerst Seed-Links zur Internetpräsenz Ihres Unternehmens bereitstellen. Navigate to External Attack Surface > Manage Seeds page. Anschließend scannt der Internet-Gefährdungsscanner von Ivanti diese Seeds und erstellt einen Bericht über die gefundenen Assets und Gefährdungen.

Learn more about Enhanced Onboarding and Usability in Ivanti Neurons for External Attack Surface Management.

Abuse prevention measures have been implemented for blocklisted domains within EASM to ensure improved security and compliance.

With scope support enabled, bots run by users through custom actions, the run now button or bot preview will now only execute against devices or people that their account is permitted to access.

Learn more about Scopes in Zugriffskontrolle and Neurons Bots-Ergebnisse.

Added support for deploying App Distribution’s bundle applications to the Bots stage to ensure both individual and groups of applications can be targeted.

Learn more about Bundle Support in App-Verteilung auslösen.

Mac and Windows icons are now added to the cards in the bot template library along with all the stages updated in the template library. This allows users to see what operating system the bots supports OOTB without having to create a saved copy first.

The ability to run the PowerShell Query stage as a specified user opens up the ability for additional use cases such as checking for access to network resources.

Learn more about PowerShell Query in Benutzerdefinierte Phasen and Neurons Bots-Phasen.

A number of changes have been made to the Automation framework to improve the speed at which Bot stages and their results are processed.

Performance improvements have been made and data filtering issues are fixed with Entra ID connector. The Neurons Entra ID connector is now updated:

• Previously, applying user group filters led to some users being skipped. This issue is now fixed.

• The connector made a large number of API calls to retrieve group members, which resulted in longer execution times and increased the risk of network failures.

• API call volume is reduced, allowing the connector to complete its execution much faster.

• A retry mechanism is introduced to handle network related issues more robustly.

Learn more about Microsoft Entra ID Connector.

Software Inventory now has the ability to include complementary data from the Ivanti Software Library. The data includes regularly updated attributes such as end-of-life, product family, and release version details. If edited, inventory data does not match new Software Library data, you can easily review and resolve by accepting the new Ivanti data or keeping your edits.

Learn more about Software Conflict Resolution in Software-Bestandsaufnahme.

Auf der Seite Einstellungen für Inventarscanner wurden neue Einstellungen zum Aktivieren der BitLocker-Schlüssel-Einstellungen eingeführt. Nach der Aktivierung beginnt die Neurons-Plattform während des Inventarscans mit dem Erfassen des BitLocker-Wiederherstellungsschlüssels von dem Gerät, auf dem das Windows-Betriebssystem ausgeführt wird. Dieser Schlüssel wird im System für die zukünftige Schlüsselwiederherstellung gespeichert.

IT-Administratoren mit Zugriff auf das Neurons-Dashboard können den Wiederherstellungsschlüssel bei Bedarf abrufen. Um beispielsweise bei Neurons den Wiederherstellungsschlüssel zu finden, navigieren Sie zu Geräte > Windows-Betriebssystem > Verschlüsselungsschlüssel > Wiederherstellungsschlüssel-ID auswählen.

Einstellungen für InventarscansGeräteaktionenErfahren Sie mehr über den BitLocker-Wiederherstellungsschlüssel unter Einstellungen für den Inventarscanner und Geräteaktionen.

The Status field in Device Patch Deployment History dataset now includes patch rollback status.

Weitere Informationen finden Sie unter Dashboard-Designer.

Device view column configuration has been enhanced with secondary columns. Secondary columns allow the selection of columns that have arrays of data.

Learn more about Device View in Geräte.

Multiple enhancements have been made to the Automation framework to improve the speed at which Bot stages and their results are processed.

The Execute Script - CMD Support

The ability to run CMD prompt commands has been added to the Execute script function. Along with this, CMD prompt commands can be run as either local system or currently logged in user.

Learn more about Execute Script in Geräteaktionen.

The initial release of Ring Deployments supported a phased rollout of patches over a period of 30 days. To support organizations with rollout requirements greater than a month, Ring Scheduling now extends to a maximum of 90 days and supports individual soak time of up to 28 days for each Ring.

Multiple Ring rollouts now operates consecutively, allowing a Ring that has successfully completed a deployment to initiate a new rollout while the previous rollout still deploys on later rings.

Learn more about Multiple Concurrent Ring Rollouts in Konfigurationsverhalten.

Previously, devices needed to be individually added to specific Rings when employing a Ring Deployment. With this release, administrators can optionally assign whole device groups to Rings. Devices that are later added to a device group automatically populate the associated Ring.

Learn more about Dynamic Ring Assignment in Ringbereitstellungen.

Administrators now have the option to simultaneously rollback to a previous version of a patch that was successfully installed on multiple devices. This eliminates the need to individually rollback a bad patch on each affected device independently.

Learn more about Multi-Device Patch Rollback in Gerätedetails.

A new icon is added next to device names in console pages to indicate if that device is a member of a device group. A numerical value is also provided next to the icon to identify the number of device groups to which the device is a member. When the icon or number is selected, a searchable overlay is presented displaying the associated device groups.

Learn more about Device Groups in Bereitstellungsverlauf.

In the console Device page > Patches tab, administrators can now select one or more advisories and add them to a patch group without needing to navigate to the Patch Intelligence page.

PatchgruppenWeitere Informationen zu Patchgruppen.

Reports generated for Patch Management now respect device scopes assigned to users. When a user creates a report, it is automatically scoped based on their assigned device access.

Learn more about Device Scopes in Patchmanagement-Berichte.

Reporting Access Controls have been updated for Patch Management, External Attack Surface Management (EASM), and Audit Trails. Users with View permission can only access reports they have generated or reports that have been explicitly shared with them. To share reports with other users, new Share permission is required.

Learn more about Permissions and Roles in Berichte.

Two OOTB Patch Management report templates, Deployment History (Summary) and Deployment History (Detailed) now include new columns and sections detailing successful patch rollbacks.

Learn more about Deployment Status in Patchmanagement-Berichte.