Device details

Selecting a device name in the device view shows the device's details. Devices with the Ivanti Neurons Agent have the most data, including real-time information and interaction with that device. Devices imported through other Neurons Platform connectors and without the Neurons Platform or Endpoint Manager agents may not have much information beyond the device name.

Devices with the Ivanti Neurons Agent show Edge Intelligence data if the Neurons Platform can make a connection to the device. For more information, see Edge Intelligence .

The Actions panel is on the right side of the screen. The Actions panel automatically appears when you open the Device Details page, but if you don't see it, select the Actions button in the top right corner. For more information about using actions, see Device actions.

The Devices view can include several pages:

Shows basic connectivity and status information for the device, such as the logged in user name, internet latency, domain or workgroup name, system up time, and scan dates.

Summarizes available process details, including a snapshot of CPU and memory utilization, and average disk queue length. This is a snapshot based on the last time the view was refreshed.

When you select a process on the Process page, the process's details appear. If you have the Global Actions > Manage Processes permission, selecting Stop in the details view sends a terminate process request to the agent on the device. A toast notification lets you know the request was sent, and eventually another notification appears letting you know the result.

The Services page shows all installed services on the device and whether each service was running or not at the time of the snapshot. Selecting the play button next to a stopped service starts it, and selecting the stop button next to a running service stops it. Start service requested and Start service completed toast notifications appear if the state change was successful.

Service state with start and stop

Shows Ivanti Service Manager incidents logged for the device.

Shows the output of standard network troubleshooting commands you can run on the device, such as tracert, netstat, ping, ipconfig, and so on. For Domain Commands that require an IP address or domain name (such as tracert), type the address in the text box in order to run the command.

Allows you to query for real-time device information and status. Requires the Ivanti Neurons Agent and Edge Intelligence permissions. For more information, see Edge Intelligence .

The software reputation system uses an Ivanti cloud-hosted database of file information, including names, sizes, metadata, and known good SHA1 hashes. Much of the file reputation database is from the National Software Reference Library (NSRL). You can visit their web site for more information: http://www.nsrl.nist.gov/new.html.

A file can have one of these three reputations:

  • Good: The file matches an entry in the NSRL database or Ivanti has gathered enough information to believe that the file is safe.
  • Bad: The file doesn't match any NSRL database entries or Ivanti has gathered enough information to believe that the file isn't safe.
  • Undecided: There aren't any matches on this file or there aren't enough matches to help decide whether the file is good or bad.

Among other factors, the file reputation algorithm considers how often matching files occur, how old the matches are, who signed the files, and how often those occurrences are allowed or blocked in Ivanti Endpoint Manager.

When software data is imported into the Neurons Platform the Agent helps to identify the software on a device that requires a license. Software on the device that requires a license is listed on this tab along with usage data and other information from the Agent for that software title. For more information, see Software Insights.

This page enables you to view the patch status of the device and perform a number of patch-related actions.

Management: Shows the source of the device data and indicates how the device is being managed. This can be from a connector to an on-premise product, it can be natively from Ivanti Neurons (the Cloud), or both.

Use the links at the top of the page to filter the patch notifications that are shown in the table.

  • Total patches: Shows the total number of patches detected on the device. This total included missing, installed and deploying patches.
  • Missing: Shows the patches that were detected as missing on the device during the most recent patch scan.
  • Installed: Shows the patches that were detected as installed on the device during the most recent patch scan. If you are using Endpoint Manager, you must have setup the Gather historical information task to display the installed patches. For further details see Endpoint Manager Help.
  • Deploying: Shows the patches that are currently being deployed to the device.
  • Failed: Shows the patches that failed to install on the device.

Actions You Can Perform

Scan now: This command works only for devices that are managed from the Cloud. It initiates a patch scan of the device for all missing patches. The scan is performed by a task that is triggered by the client agent. The results are reported to the Device > Patches page and to Endpoint Vulnerability.

Deploy patches: This command works for devices that are managed from the Cloud and for devices managed by either Ivanti Endpoint Manager or Ivanti Security Controls. It initiates an immediate deployment of the selected missing patches. This is particularly useful when the deployment of a particular patch is urgent and you don't want to wait for a scheduled deployment. If the device is managed both from the Cloud and by an on-premise product, the deployment command will be issued through the Cloud. The deployment results are reported to Endpoint Vulnerability, Deployment History and the Device > Patches page.

If a reboot of the device is required, it will occur immediately following the successful deployment of the patches unless there is an active user on the device. If a user is logged on to the device, they will receive a 1-hour countdown timer that notifies them of the pending reboot. The user will have the ability to extend the time-out by 10 minutes. The reboot action will be forced after one day.

Deployment Requirements:

  • You must have the necessary permissions to deploy patches. To set this up, go to Admin > Access Control > Roles and select the role you want to configure. On the Permissions tab, select Global Actions > Deploy Patch.
  • If you have an Endpoint Manager or Security Controls connector, the following must be configured before attempting to deploy patches:
    • An Endpoint Manager or Security Controls connector has been added and has Action Details configured.
    • Connector has run and published patch scan data to the Neurons Platform.

Once a missing patch has been deployed, a notification is displayed in the Neurons Platform notification area notification icon.

Reset retry counts: Resets all patch retry counts on the selected endpoints.

Export CSV: You can choose to export selected patch notifications to a CSV file. The file is saved to your local downloads folder.

Search: Enter a keyword into the Search field to only show patches that contain the keyword. The keyword is matched to any case-insensitive text found from within all of the patches. To remove a search filter, select the clear filters iconfunnel with a cross to indicate clear any applied filters

In case of high resolutions, the action 'Deploy Missing Patches' actions might not be seen. In those cases, customers can collapse the side-menu to view 'Deploy Missing Patches' action.
Or
Users can click the on the Settings icon to view the 'Deploy Missing Patches' action.

Endpoint Manager Troubleshooting
If the notification indicates an error with the deployment configuration, then there was an issue attempting to reconcile the Endpoint Manager core server to perform the deployment. This could occur due to the following conditions:

  • Existing Endpoint Manager connector has not been configured with Action Details.
  • Multiple Endpoint Manager connectors have identical core server names; core server names must be unique for patch deployment to work.

For more information on patches, see Patch Intelligence.

This page identifies a device's vulnerabilities, categorized by severity and gathered from the following data sources if the corresponding connectors are installed: CrowdStrike, Microsoft Defender for Endpoint, Qualys, Rapid7, and Tenable. If more than one of these connectors is installed, the data is aggregated. Each vulnerability in the list is selectable, enabling you to view the CVE details on the National Vulnerability Database website. You can filter the list via the Severity column.

View Windows event log entries. This page uses Edge Intelligence to retrieve the 100 most recent entries in real time. IT analysts often look at Windows event logs to identify any errors that may indicate why a device is having issues. Now you can do this without having to log in remotely.

The Ivanti Neurons Digital Experience (DEX) Score is calculated based on a curated set of indicators, hybrid machine learning, and statistical models. The score ranges between 0 and 100, with higher scores indicating better experiences.

For more information on DEX and how it works, see DEX Scores.

This page shows device vulnerabilities reported by installed connector sources, such as those for Qualys, Tenable, and Rapid7. Each source has its own icon in the Sources column that you can use to identify the reporting source.

This page does not include vulnerability data from the Ivanti External Attack Surface Management product.

Browse a device's hardware and software inventory attributes. Multiple data sources can contribute to a device's inventory data, and you can use this page to see where a device's inventory data is coming from.

You can select a Curated data view or only data from a specific data source. The number of data sources contributing inventory data will vary, depending on your environment and how many data sources reported that device.

Curated data is a merged view of attribute data from all data sources, based on data source quality and order of precedence. The highest priority data sources are:

  • Ivanti Neurons - Inventory (Ivanti Neurons agent)
  • Ivanti Neurons – Remote Inventory (Ivanti Neurons agentless discovery)
  • Ivanti Endpoint Manager

If there is conflicting attribute data from these three data sources, the most recently updated data source is what the curated data view and Ivanti Neurons will use.

If data from one of these three data sources is not present on a particular device attribute, Ivanti Neurons uses a reverse alphabetic sort on the remaining contributing data source names. This means data sources with names closest to Z are ranked higher than those with data source names closest to A. For example, SCCM connector data would have precedence over Active Directory connector data. It does not matter who submitted data most recently for these.

For information on how Ivanti Neurons determines the "Assigned User" for a device, see this article on the Ivanti Community.

On the ‘Device details’ page, the group membership is now visible under Group Tags after the Microsoft Entra ID connector synchronization completes. It fetches your total number of devices after applying the filter; you can select the device and navigate to Device > Details > Application > Azure AD > Group Tags to view the details of the device and show the device is associated with how many numbers of groups along with the Group ID and Group Name. It only imports security groups.