Patch Advisories
The Ivanti Neurons Patch Management > Patch Intelligence > Advisories dashboard displays data for all patches. Once the Ivanti Neurons agent is reporting patch scan data or a connector has been added, you have the option to switch the toggle to Affects my environment. This restricts the data displayed to only the devices in the connected environment. You can customize the data to include the patches that have been superseded by switching the toggle to Include superseded. An advisory that has been superseded is listed in the Summary grid with a superseded icon before the Name.
The dashboard is made up of two parts: the charts and the summary grid. The charts and the data in the summary grid change depending on whether you have the Affects my environment toggle on. The data in the summary grid updates depending on whether you have the Include superseded toggle on. You can use the charts to filter the data that displays in the summary grid by clicking on any of the colored segments in a pie or bar chart. Re-click the colored segment to remove the filter from the grid. To view a chart full screen, click .
You can export the data from any chart in a PNG format. Select the ellipsis and select Export PNG. The PNG file is created and saved to the downloads folder.
All Patches Charts
The default view for Advisories displays the following charts:
Top vendors: This chart displays the top 5 vendors that have released the most patches within the last 14 days.
Patch types: This chart displays the number of each type of patch across all vendors, released within the last 14 days.
Why 14 Days? - Research has shown that patching vulnerabilities within 14 days of identification is the optimum period to reduce risk of exploitation.
Patch Tuesday: All patches issued on Microsoft Patch Tuesday, categorized by vendor and severity. This chart also includes third-party vendors which have at least one CVE associated with an MS patch. Select the ellipsis to export the chart in PNG format.
Add a Connector
To add a Connector: Ivanti Endpoint Manager (EPM), Security Controls, Patch for Configuration Manager, IES, or DSM, select Add Connector at the top of the dashboard, the Help panel Get Started with Connectors slides out, select Go To Connectors which walks you through the steps required.
The Add Connector option is only available if it is a new tenant, or if there isn't a connector or agent providing patch scan data.
The Connector availability depends on your Ivanti Neurons license.
Alternatively you can use the Ivanti Neurons Platform > Connectors menu option.
- Open the Admin menu.
- Select Connectors. See the Setting up connectors topic for further details.
- Select Add Connector for the desired server.
An overview of available connector types displays. - Select the required connector.
The connector details displays. For more information on how to complete the form see Setting up connectors.
My Environment Charts
The Advisories dashboard with the Affects my environment toggle On displays the following charts:
Devices exceeding SLA chart: This chart replaces the Top Vendors chart if you have the Affects my Environment toggle on. It allows you to easily see how many devices within your environment are nearing or exceeding your service level agreement (SLA) and the percentage of devices that are compliant, and not. Click on either of the device numbers in the chart to filter the summary grid, and hover over a number to see how many patches have been identified as missing from the devices.
Select the chart ellipsis to carry out one of these actions:
- Generate report: Create a report to show each update, the release date, total devices affected, and the trend toward compliance compared to your defined SLA. You can define the scope of the report including time frame, vendors, and severity. You can also filter by Exploited or specific CVE IDs to report on high risk updates specifically. The report is saved to your browser default download location.
- Export CSV: Select to export the chart data in CSV format.
If the data is exported from the SLA chart, all devices that are missing patches that fall outside of the SLA window are included, this could mean that a device is listed multiple times if it is missing multiple patches. The CSV file is saved to your browser default download location. - Export PNG: Select to save the chart as an image, in PNG format, to your browser default download location.
- Configure: The Service Level Agreement panel displays. Configurable settings for the chart are:
- Title and Description: The title and the description for the chart can be customized, up to a limit of 85 characters.
- Severity: The default for the chart is to include all patch types, but you can select to only include specific patch types based on security severity. For example, select Security Critical to only include the number of devices nearing or exceeding your SLA that are missing security critical patches.
- Your SLA limit: Set the number of days for your SLA. This can be between 1 - 365. The default is set to 30 days.
- Your SLA threshold: Set the number of days for your SLA threshold. This is the number of days before the actual SLA limit that you want to be notified about, it can be between 0 - 365, but not higher than the SLA value. The default value is 5.
You must have permissions to edit the SLA settings. To assign permissions to a role navigate to Admin > Roles > Permissions > Patch Management > Patch Intelligence > Edit SLA Config.
Select Apply changes to save the settings and close the panel.
Patch Types chart: This chart displays the number of each type of patch across all vendors, released within the last 14 days.
Why 14 Days? - Research has shown that patching vulnerabilities within 14 days of identification is the optimum period to reduce risk of exploitation.
Known vulnerabilities: This chart replaces the Patch Tuesday chart if you have the Affects my Environment toggle on. It allows you to easily see if there are any vulnerabilities in your environment. There are two levels of vulnerability:
- Vulnerable: At least one CVE registered against a missing patch.
- Exploited: At least one CVE that has a known exploit against a missing patch.
The patch scan results are used to provide this information. Click on either the Number of devices or Number of patches column to filter the grid results to only show the list of patches that fix either the vulnerability or the known exploit.
For more detail on known exploits, see the Patch information CVE tab.
CVE Upload
The Common Vulnerabilities and Exposures (CVE) List is a public reference of known cybersecurity vulnerabilities. This list, maintained by the MITRE Corporation, continually changes as new vulnerabilities are detected. If your organization uses the CVE list, it can be difficult to determine exactly which patches you need to deploy to protect your machines from the threats identified in the list.
Fortunately, Ivanti Neurons for Patch Management simplifies this process. You simply import a list of CVEs from a text file. Patch Management will automatically extract the CVEs, determine which patches are related to each CVE and then display those patches for your review. You select which patches to add to a patch group and then use that patch group in your deployments.
The CVE Upload option, provides the ability to import a list of CVEs from a third party, such as the Compliance or Security team. The file can be any text format, such as .csv, .xml, .json, .txt, .pdf
We recommend converting excel files to CSV format before uploading.
- On the Ivanti Neurons Platform navigate to Patch Management > Patch Intelligence.
- On the Patch Intelligence Advisories tab, select CVE upload. The CVE upload dialog displays.
- On the CVE upload dialog, select Choose file. Navigate to the file, and select it.
- The upload progress bar indicates the upload percentage complete status. Once the upload is complete, the file is processed.
- Select Apply to filter the summary grid to the patches matching the imported CVEs. The summary grid filter is then set to CVE upload, together with any previously applied filters, for example, Affects my environment, Include superseded.
If you select to Cancel the upload or Close the import dialog, the CVE import data will be discarded and the summary grid will be filtered as before the import.
If there are no matching CVEs, or no detected CVEs in the file, you'll only have the option to Close. - An information banner displays providing the number of matching patches for the imported CVEs, and the number of non-matching CVEs, together with the filters that have already been set.
To save the list of non-matching CVEs to a CSV file, select Export non-matching CVEs.