The Endpoint Vulnerability component provides a central view of device patching for your environment. It is device-centric, meaning it shows the risk posture of each endpoint. It contains device health and risk-based metrics as well as endpoint data. Unlike the Devices view, the Endpoint Vulnerability view is meant strictly for patch management activities such as viewing data and performing patch management actions.
Endpoint Vulnerability is accessed from the main menu by selecting Patch Management > Endpoint Vulnerability. The component consists of a dashboard view along the top that contains three different charts and a summary table at the bottom.
The charts enable you to quickly assess the current patch status of your environment.
Tip: You can click on any of the individual bars in a chart to filter the information in the table. This filters the table to show only the devices you are most concerned about.
- Device health: Allows you to easily understand the percentage of devices in your environment that are in Good, Moderate or Poor health. The device health is calculated using the risk score.
- Last scanned: Classifies the number of days since devices were last scanned. Endpoints in your organization that are healthy will make a best effort to report their status frequently. The process is fully automatic and is triggered by various patching and system events. Healthy endpoints will almost always report their status in less than seven days. Any endpoint that has not reported its status within the last seven days likely has some sort of issue that is preventing it from reporting and should be investigated.
- Devices by risk: Shows the number of devices that contain at least one of the following levels of patch severity.
- Exploited: There is at least one CVE that has a known exploit against a missing patch.
- Security critical: At least one missing patch has a severity of Security Critical.
- Security important: At least one missing patch has a severity of Security Important.
The table contains a list of all devices. By default, the table contains the following columns and is sorted by the Last patch scan date. Additional columns are available using the Column Chooser .
- Device name: The name of the device. You can click the name to view the Device Details page.
- Patch configuration: The name of the patch configuration to which the device is currently assigned. You can click the name to view the configuration details.
Tip: To quickly locate devices that have not been assigned a patch configuration, use the sort iconin the column header to sort the column into ascending () order. The entry will be blank for all devices that are not being patched by Ivanti Neurons.
- Risk score: The maximum CVE risk for the device. The score is computed using CVSS V2 and V3 data. It is a normalized measure of risk on a scale of 0 to 100, with 100 being the highest risk.
The traffic light indicator icon that is located immediately to the left of the score provides a visual representation as to the relative risk health of the device. The indicator colors are:
- Red = Poor, representing a risk score that is greater than or equal to 70
- Yellow = Moderate, representing a risk score that is in the range 40 - 69
- Green = Good, representing a risk score that is less than 40
- Missing patches: The number of patches that are missing on the device. You can click the number to view detailed information about the missing patches.
- Management: Shows the source of the device data and indicates how the device is being managed. This can be from a connector to an on-premise product, it can be natively from the Cloud, or both.
- Ivanti Neurons: The device is being supported by cloud-native Ivanti Neurons for Patch Management
- Ivanti Endpoint Manager: The device is being managed by Ivanti Endpoint Manager and the data is being pulled in via a connector.
- Ivanti Patch for Microsoft Endpoint Manager: The device is being managed by Ivanti Patch for Microsoft Endpoint Manager (MEM) and the data is being pulled in via a connector.
- Ivanti Security Controls: The device is being managed by Ivanti Security Controls and the data is being pulled in via a connector.
- Ivanti Endpoint Security: The device is being managed by Ivanti Endpoint Security and the data is being pulled in via a connector.
- Ivanti Desktop & Server Management: The device is being managed by Ivanti Desktop & Server Management and the data is being pulled in via a connector.
- Last patch scan: The date the device was last scanned for missing patches.
- Policy group: The agent policy group to which the device is currently assigned. You can click the name to view the policy configuration.
Use the dashboard charts and the table to quickly determine which devices you need to focus on and investigate.
Filter, Sort, Search and Export
Toggles on and off the Smart Filters area directly above the table. Enables you to see the filters that are currently applied to the table.
Information displayed within the table can be easily filtered to narrow the focus to only those devices of interest. One way to do this is by using the Smart Filter. The Smart Filter contains several default filters. You can also define your own custom filters.
The Smart Filter contains several default filters. Default filters cannot be modified or deleted. The default filters include the following:
- Last 14 Days: Only those devices that were scanned within the last 14 days are displayed.
- Last 7 Days: Only those devices that were scanned within the last seven days are displayed.
- Missing at least one patch: Only those devices that are missing at least one patch are displayed.
You can create your own custom filters. This is a powerful tool that enables you to specify exactly which entries you want displayed. Each custom filter is comprised of one or more rules. You can define as many rules in a filter as needed.
To create a new filter:
- Click Filters.
The Smart Filter definition area is displayed above the table.
- Filter the table to a defined set of devices.
Do this using the column filters and any existing Smart Filters.
- Select Smart filters > Add new smart filter from current.
The new filter is created based on the filtering criteria used in the current table.
- Type a descriptive name for the filter.
- Click Add filter.
Select the sort iconin any column header to sort into ascending () or descending () order. To remove the sorting, right-click the column header and select Clear Sorting from the context menu.
Use the Search field to enter a keyword; the list will then only show patches that contain the keyword. The keyword is matched to any case-insensitive text found from within all of the patches.
To remove a search filter, click the clear filters icon.
You can choose to export selected patches, selected CVEs or all CVEs, in CSV format to help with your patch reporting requirements. The CSV list of CVE IDs can be imported into other products, such as Ivanti Security Controls and Ivanti Endpoint Manager.
Any sorting or filtering applied to the patches will be retained in the exported output. All columns will be included regardless of what has been selected in the Column Chooser.
If the data is exported from the SLA chart, all devices that are missing patches that fall outside of the SLA window are included, this could mean that a device is listed multiple times if it is missing multiple patches.
Select the first column check box for the patches you want to export. Alternatively, select the check box in the header cell to select all patches.
Click Export to create the CSV file and save it to your local downloads folder.