Device details

Clicking on a device name in the device view shows the device's details. Devices with the Ivanti Neurons Agent have the most data, including real-time information and interaction with that device. Devices imported through other Neurons Platform connectors and without the Neurons Platform or Endpoint Manager agents may not have much information beyond the device name.

Devices with the Ivanti Neurons Agent show Edge Intelligence data if the Neurons Platform can make a connection to the device. For more information, see Edge Intelligence .

The Actions panel is on the right side of the screen. The Actions panel automatically appears when you open the Device Details page, but if you don't see it, click the Actions button in the top right corner. For more information about using actions, see Device actions.

The Devices view can include several pages:

Shows basic connectivity and status information for the device, such as the logged in user name, internet latency, domain or workgroup name, system up time, and scan dates.

Summarizes available process details, including a snapshot of CPU and memory utilization, and average disk queue length. This is a snapshot based on the last time the view was refreshed.

When you select a process on the Process page, the process's details appear. If you have the Global Actions > Manage Processes permission, clicking Stop in the details view sends a terminate process request to the agent on the device. A toast notification lets you know the request was sent, and eventually another notification appears letting you know the result.

The Services page shows all installed services on the device and whether each service was running or not at the time of the snapshot. Clicking the play button next to a stopped service starts it, and clicking the stop button next to a running service stops it. Start service requested and Start service completed toast notifications appear if the state change was successful.

Service state with start and stop

Shows Ivanti Service Manager incidents logged for the device.

Shows the output of standard network troubleshooting commands you can run on the device, such as tracert, netstat, ping, ipconfig, and so on. For Domain Commands that require an IP address or domain name (such as tracert), type the address in the text box in order to run the command.

Allows you to query for real-time device information and status. Requires the Ivanti Neurons Agent and Edge Intelligence permissions. For more information, see Edge Intelligence .

The software reputation system uses an Ivanti cloud-hosted database of file information, including names, sizes, metadata, and known good SHA1 hashes. Much of the file reputation database is from the National Software Reference Library (NSRL). You can visit their web site for more information: http://www.nsrl.nist.gov/new.html.

A file can have one of these three reputations:

  • Good: The file matches an entry in the NSRL database or Ivanti has gathered enough information to believe that the file is safe.
  • Bad: The file doesn't match any NSRL database entries or Ivanti has gathered enough information to believe that the file isn't safe.
  • Undecided: There aren't any matches on this file or there aren't enough matches to help decide whether the file is good or bad.

Among other factors, the file reputation algorithm considers how often matching files occur, how old the matches are, who signed the files, and how often those occurrences are allowed or blocked in Ivanti Endpoint Manager.

When software data is imported into the Neurons Platform, it is matched to an item in the Ivanti Definitive Software Library (DSL), which enables it to identify the software on a device that requires a license. Software on the device that requires a license is listed on this tab along with usage data and other information from the DSL for that software title. For more information, see Software Insights.

This page enables you to view the patch status of the device and perform a number of patch-related actions.

Management: Shows the source of the device data and indicates how the device is being managed. This can be from a connector to an on-premise product, it can be natively from Ivanti Neurons (the Cloud), or both.

Use the links at the top of the page to filter the patch notifications that are shown in the table.

  • Total patches: Shows the total number of patches detected on the device. This total included missing, installed and deploying patches.
  • Missing: Shows the patches that were detected as missing on the device during the most recent patch scan.
  • Installed: Shows the patches that were detected as installed on the device during the most recent patch scan. If you are using Endpoint Manager, you must have setup the Gather historical information task to display the installed patches. For further details see Endpoint Manager Help.
  • Deploying: Shows the patches that are currently being deployed to the device.
  • Failed: Shows the patches that failed to install on the device.

Actions You Can Perform

Currently, Linux patch deployments always deploy all missing patches.

Scan now: This command works only for devices that are managed from the Cloud. It initiates a patch scan of the device for all missing patches. The scan is performed by a task that is triggered by the client agent. The results are reported to the Device > Patches page and to Endpoint Vulnerability.

Deploy patches: This command works for devices that are managed from the Cloud and for devices managed by either Ivanti Endpoint Manager or Ivanti Security Controls. It initiates an immediate deployment of the selected missing patches. This is particularly useful when the deployment of a particular patch is urgent and you don't want to wait for a scheduled deployment. If the device is managed both from the Cloud and by an on-premise product, the deployment command will be issued through the Cloud. The deployment results are reported to Endpoint Vulnerability, Deployment History and the Device > Patches page.

If a reboot of the device is required, it will occur immediately following the successful deployment of the patches unless there is an active user on the device. If a user is logged on to the device, they will receive a 1-hour countdown timer that notifies them of the pending reboot. The user will have the ability to extend the time-out by 10 minutes. The reboot action will be forced after one day.

Deployment Requirements:

  • You must have the necessary permissions to deploy patches. To set this up, go to Admin > Access Control > Roles and click the role you want to configure. On the Permissions tab, click Global Actions > Deploy Patch.
  • If you have an Endpoint Manager or Security Controls connector, the following must be configured before attempting to deploy patches:
    • An Endpoint Manager or Security Controls connector has been added and has Action Details configured.
    • Connector has run and published patch scan data to the Neurons Platform.

Once a missing patch has been deployed, a notification is displayed in the Neurons Platform notification area notification icon.

Export CSV: You can choose to export selected patch notifications to a CSV file. The file is saved to your local downloads folder.

Search: Use the Search field to enter a keyword; the list will then only show patches that contain the keyword. The keyword is matched to any case-insensitive text found from within all of the patches. To remove a search filter, click the clear filters iconfunnel with a cross to indicate clear any applied filters.

Endpoint Manager Troubleshooting
If the notification indicates an error with the deployment configuration, then there was an issue attempting to reconcile the Endpoint Manager core server to perform the deployment. This could occur due to the following conditions:

  • Existing Endpoint Manager connector has not been configured with Action Details.
  • Multiple Endpoint Manager connectors have identical core server names; core server names must be unique for patch deployment to work.

For more information on patches, see Patch Intelligence.

View Windows event log entries. This page uses Edge Intelligence to retrieve the 100 most recent entries in real time. IT analysts often look at Windows event logs to identify any errors that may indicate why a device is having issues. Now you can do this without having to log in remotely.

The Ivanti Neurons Digital Experience (DEX) Score is calculated based on a curated set of indicators, hybrid machine learning, and statistical models. The score ranges between 0 and 100, with higher scores indicating better experiences.

For more information on DEX and how it works, see DEX Scores.

Identifies a device's vulnerabilities, categorized by severity and gathered from the following data sources if the corresponding connectors are installed: Qualys, Rapid7, and Tenable.io. If more than one of these connectors is installed, the data is aggregated. Each vulnerability in the list is selectable, enabling you to view the CVE details on the National Vulnerability Database website. You can filter the list via the Severity column.

For details about installing these connectors, see Qualys connector, Rapid7 connector, and Tenable.io connector.

Browse a device's hardware and software inventory attributes.