Endpoint Vulnerability

Overview

The Endpoint Vulnerability component provides a central view of device patching for your environment. It is device-centric, meaning it shows the risk posture of each endpoint. It contains device health and risk-based metrics as well as endpoint data. Unlike the Devices view, the Endpoint Vulnerability view is meant strictly for patch management activities such as viewing data and performing patch management actions.

Endpoint Vulnerability is accessed from the main menu by selecting Patch Management > Endpoint Vulnerability. The component consists of a dashboard view along the top that contains three different charts and a summary table at the bottom.

Charts

The charts enable you to quickly assess the current patch status of your environment.

Tip: You can click on any of the individual bars in a chart to filter the information in the table. This filters the table to show only the devices you are most concerned about.

  • Device health: Allows you to easily understand the percentage of devices in your environment that are in Good, Moderate or Poor health. The device health is calculated using the risk score.
  • Last scanned: Classifies the number of days since devices were last scanned. Endpoints in your organization that are healthy will make a best effort to report their status frequently. The process is fully automatic and is triggered by various patching and system events. Healthy endpoints will almost always report their status in less than seven days. Any endpoint that has not reported its status within the last seven days likely has some sort of issue that is preventing it from reporting and should be investigated.
  • Devices by risk: Shows the number of devices that contain at least one of the following levels of patch severity.
    • Exploited: At least one missing patch corresponds to a CVE that has a known exploit.
    • Security critical: At least one missing patch has a severity of Security Critical.
    • Security important: At least one missing patch has a severity of Security Important.

Device Summary

The table contains a list of all devices. By default, the table contains the following columns and is sorted by the Last patch scan date. Additional columns are available using the Column Chooser.

  • Device name: The name of the device. You can click the name to view the Device Details page.
  • Patch configuration: The name of the patch configuration to which the device is currently assigned. You can click the name to view the configuration details.

    Tip: To quickly locate devices that have not been assigned a patch configuration, use the sort icon in the column header to sort the column into ascending order. The entry will be blank for all devices that are not being patched by Ivanti Neurons.

  • Risk score: The maximum CVE risk for the device. The score is computed using CVSS V2 and V3 data. It is a normalized measure of risk on a scale of 0 to 100, with 100 being the highest risk.
    The traffic light indicator icon located immediately to the left of the score provides a visual representation of the relative risk health of the device. The indicator colors are:
    • Red = Poor, representing a risk score that is greater than or equal to 70
    • Yellow = Moderate, representing a risk score that is in the range 40 - 69
    • Green = Good, representing a risk score that is less than 40
  • Missing patches: The number of patches that are missing on the device. You can click the number to view detailed information about the missing patches.
  • Management: Shows the source of the device data and indicates how the device is being managed. This can be from a connector to an on-premise product, it can be natively from the Cloud, or both.
    • Ivanti Neurons: The device is being supported by cloud-native Ivanti Neurons for Patch Management
    • Ivanti Endpoint Manager: The device is being managed by Ivanti Endpoint Manager and the data is being pulled in via a connector.
    • Ivanti Patch for Microsoft Endpoint Manager: The device is being managed by Ivanti Patch for Microsoft Endpoint Manager (MEM) and the data is being pulled in via a connector.
    • Ivanti Security Controls: The device is being managed by Ivanti Security Controls and the data is being pulled in via a connector.
    • Ivanti Endpoint Security: The device is being managed by Ivanti Endpoint Security and the data is being pulled in via a connector.
    • Ivanti Desktop & Server Management: The device is being managed by Ivanti Desktop & Server Management and the data is being pulled in via a connector.
  • Last patch scan: The date the device was last scanned for missing patches.
  • Policy group: The agent policy group to which the device is currently assigned. You can click the name to view the policy configuration.

Use the dashboard charts and the table to quickly determine which devices you need to focus on and investigate.
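
The triage rules described above (risk score bands, the seven-day reporting window, and a blank patch configuration) can be applied to device data outside the console. The following is an added example, not Ivanti code; it assumes a CSV export whose column names match the default table columns, and the sample rows are constructed.

```python
import csv
import io
from datetime import date

# Constructed sample export; the CSV layout and column names are assumptions
# that mirror the default Device Summary columns.
SAMPLE_EXPORT = """Device name,Patch configuration,Risk score,Missing patches,Last patch scan
ws-001,Workstations,82,14,2024-05-30
ws-002,,35,2,2024-05-29
srv-010,Servers,55,6,2024-05-12
ws-003,Workstations,12,0,2024-05-31
"""

STALE_AFTER_DAYS = 7  # endpoints silent for longer than this should be investigated


def health(score):
    """Map a 0-100 risk score to the traffic-light bands (Poor/Moderate/Good)."""
    if not 0 <= score <= 100:
        raise ValueError(f"risk score out of range: {score}")
    if score >= 70:
        return "Poor"
    return "Moderate" if score >= 40 else "Good"


def triage(export_text, today):
    """Return (device, reasons) for devices needing attention, highest risk first."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        score = int(row["Risk score"])
        reasons = []
        band = health(score)
        if band != "Good":
            reasons.append(f"health={band}")
        age = (today - date.fromisoformat(row["Last patch scan"])).days
        if age > STALE_AFTER_DAYS:
            reasons.append(f"no scan for {age} days")
        # A blank entry means the device is not being patched by Ivanti Neurons.
        if not row["Patch configuration"].strip():
            reasons.append("no patch configuration")
        if reasons:
            findings.append((score, row["Device name"], reasons))
    findings.sort(key=lambda f: (-f[0], f[1]))
    return [(name, reasons) for _, name, reasons in findings]


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_EXPORT, date(2024, 6, 1)):
        print(f"{name}: {', '.join(reasons)}")
```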

Filter, Sort, Search and Export
