Ivanti Cloud delivers a Patch Intelligence application that gathers and aggregates data to help manage, prioritize and streamline patching in your environment.
Ivanti and User known issues can be used to highlight potential issues with individual patches.
You can filter and order the patches by Type, which gives you a priority order to apply patches to resolve the largest problems first—for example, Security Critical and Security Important.
Bulletin and Patch threat scores can be used to help the prioritization.
Not only is Patch Intelligence a proactive tool used by IT Ops teams to plan the deployment of patches, it can also be used reactively. For example, technical support investigating an issue can check the reliability ratings and feedback for recently applied patches that may be pertinent to the issue they're investigating.
To access Patch Intelligence, click Dashboards > Patch Intelligence in the left navigation pane.
Dashboard pie charts
There are 3 pie charts on the Patch Intelligence dashboard; you can click any colored segment in a chart to filter the results in the bulletin table below the charts. Re-click the segment to remove the filter.
The chart types are:
- Top Vendors – The top 5 vendors that have released the most bulletins within the last 14 days.
- Bulletin Types – The number of each type of bulletin across all vendors released within the last 14 days.
- MS Patch Tuesday – All of the Microsoft Patch Tuesday bulletins, categorized by bulletin type.
Why 14 Days? - Research has shown that patching vulnerabilities within 14 days of identification is the optimum period to reduce risk of exploitation.
The bulletin table contains a list of all the latest validated bulletins with associated patches, listed in date order by default. You can customize the view by filtering, sorting, or searching by keyword (see below).
You can customize the table view using the Column Chooser . Available columns are:
- Threat - Highest NVDNational Vulnerability Database CVSSCommon Vulnerability Scoring System v3 score taken from all CVEs associated with patches in the bulletin. If v3 is not available the v2 score is taken. N/A displays if no score is available.
- Green indicates a score of 0.1 - 3.9
- Yellow indicates a score of 4.0 - 6.9
- Red indicates a score of 7.0 - 10
NISTNational Institute of Standards and Technology can take up to 2 weeks to update their website.
- Bulletin Id - Bulletin Id. Click to open the Bulletin Information.
- Title - Bulletin title.
- Known Issues - Number of reported known issues. Click to open the Known Issues tab on the Bulletin Information.
- Bulletin Date - Date of issue.
- CVE Count - Number of CVEs the bulletin contains.
- Vendor - Software vendor that has issued the bulletin.
- Type - the bulletins are categorized to one of the following types:
- Security - Critical, Important, Moderate, Low, Unassigned
- Non-Security - Critical, Important, Moderate, Low, Unassigned
Select any bulletin in the table to view further details:
- Bulletin Information – Description of the bulletin and a list of products and versions affected.
- Patches – List of all patches included in the bulletin. To filter the list to display only the product version(s) you're interested in, select Filter By Products.
- CVE – Lists any CVEs associated with the patch. Click on any to open the National Vulnerability Database website.
- Known Issues – Any known issues can be submitted about a patch, which Ivanti will review and anonymize. The known issues can help the patch administrator or IT Ops engineer understand why a particular patch may or may not have rolled out smoothly and any additional steps that may be required. The issues will be listed as Customer reported issues, or Ivanti report issues.
To add a known issue to a bulletin select New Issue. The section expands for you to complete the following:
- Patches affected - select all of the patches the issue relates to.
- Issue description - describe what the issue is, symptoms and remediation steps should be included, and limited to 500 characters.
- Number of endpoints affected - select the number band of endpoints you have experienced this issue on in your environment.
- I had to roll this patch back - check this box if the issue caused you to roll back.
- Add Issue - Select to submit the issue to the Ivanti moderators. If approved, the issue will be displayed in the Known Issues, this can take up to 48 hours.
Select a Patch to view further details, such as, if it has been superseded by another patch, if this patch replaces another patch, the CVEs contained within the patch and any reported Known Issues.
Filter, sort, and search
You can search, sort, and filter the bulletin database based on a number of attributes.
Select the filter iconto refine the list using any of the predefined attributes:
Date – Available preset date ranges:
- Last 3 Days
- Last 14 Days
- Last 30 Days
- Last 365 Days
- Custom Range
Vendor – Listed in alphabetical order such as Apple, Microsoft, VMWare, and so on.
Type – Categories:
- Security - Critical/Important/Moderate/Low/Unassigned
- Non-Security - Critical/Important/Moderate/Low/Unassigned
If a filter has been applied to a column, a red dot is seen on the icon
Select the sort iconin any column header to sort into ascending () or descending () order.
To remove the sorting, right-click the column header and select Clear Sorting from the context menu.
Use the Search field to enter a keyword; the list will then only show bulletins that contain the keyword. The keyword is matched to any case-insensitive text found from within all of the bulletins—for example, CVE numbers, patch names, blue screen, and so on.
Example search use cases:
- As a security engineer, I want to supply a CVE to Patch Intelligence to understand what patch I need to have my IT Ops team apply to mitigate the vulnerability. The searching functionality can be an asset to both the Security and Ops teams by allowing them to search for CVEs and see which patches are required.
- As a support technician, I want to know whether a patch is available to fix an issue with PST corruption in Outlook 2016 occurring in conjunction with error 0x80040119. The ability to search benefits the support staff who can search for symptoms or issues around a particular patch.
Was this article useful?
Copyright © 2019, Ivanti. All rights reserved.