Dashboard

The Ivanti Neurons Patch Intelligence default dashboard tab is All Patches, once a connector has been added the My Environment tab becomes available. Select the My Environment tab to restrict the data to only the devices in the connected environment. For both of these tabs you can customize the data that displays to relate to All Patches, Latest Patches (excludes patches that have been superseded) or those Revised within 60 days.

The dashboard is made up of two parts; the charts and the data grid. The charts change depending on whether you have All Patches or My Environment selected. You can use the charts to filter the data that displays in the grid by clicking on any of the colored segments in a pie or bar chart, re-click the colored segment to remove the filter from the grid.

All Patches Charts

When the All Patches tab is selected the following charts display:

Top Vendors: This chart displays the top 5 vendors that have released the most patches within the last 14 days.

Patch Types: This chart displays the number of each type of patch across all vendors, released within the last 14 days.

Why 14 Days? - Research has shown that patching vulnerabilities within 14 days of identification is the optimum period to reduce risk of exploitation.

MS Patch Tuesday: All of the Microsoft Patch Tuesday patches, categorized by vendor and severity. This chart also includes Third Party vendors which have at least one CVE associated with an MS patch. Select the ellipsis to export the chart in .png format.

Add a Connector

To add an Ivanti Endpoint Manager (EPM), Security Controls, Patch for MEM connector, IES Connector, or DSM connector select Add Connector at the top of the dashboard, the Help panel Get Started with Connectors slides out, select Go To Connectors which walks you through the steps required.

Alternatively you can use the Ivanti Neurons Platform > Connectors menu option.

My Environment Charts

When the My Environment tab is selected the following charts display:

Devices Exceeding SLA chart: This chart replaces the Top Vendors chart if you have My Environment selected. It allows you to easily see how many devices within your environment are nearing or exceeding your service level agreement (SLA) and the percentage of devices that are compliant, and not. Click on either of the device numbers in the chart to filter the grid, and hover over a number to see how many patches have been identified as missing from the devices.

Select the chart ellipsis to carry out one of these actions:

Configure: Configurable settings for the chart are:
- Title and Description: The title and the description for the chart can be customized, up to a limit of 60 characters.
- Patch type: The default for the chart is to include all patch types, but you can select to only include specific patch types based on security severity. For example, select Security Critical to only show the number of devices nearing or exceeding your SLA that are missing security critical patches.
- Your SLA limit: Set the number of days for your SLA. This can be between 1 - 365.
- Your SLA threshold: Set the number of days for your SLA threshold. This is the number of days before the actual SLA limit that you want to be notified about, it can be between 0 - 365, but not higher than the SLA value. You must have permissions to edit the SLA settings, to assign permissions to a role navigate to Admin > Roles > Permissions > Patch Management > Patch Intelligence > Edit SLA Config.
Export CSV: The data can easily be exported in CSV format, see the To export section for details on what gets exported.
Generate Report: Create a report to show each update, the release date, total devices affected, and the trend toward compliance compared to your defined SLA. You can define the scope of the report including time frame, vendors, and severity. You can also filter by Exploited or specific CVE IDs to report on high risk updates specifically. The report is saved to your browser default download location.

Patch Types chart: This chart displays the number of each type of patch across all vendors, released within the last 14 days.

Why 14 Days? - Research has shown that patching vulnerabilities within 14 days of identification is the optimum period to reduce risk of exploitation.

Known Vulnerabilities: This chart replaces the MS Patch Tuesday chart if you have My Environment selected. It allows you to easily see if there are any vulnerabilities in your environment. There are two levels of vulnerability:

Vulnerable: At least one CVE registered against a missing patch.
Exploited: At least one CVE that has a known exploit against a missing patch.

The patch scan results are used to provide this information. Click on either the Number of Devices or Number of Patches column to filter the grid results to only show the list of patches that fix either the vulnerability or the known exploit.

For more detail on known exploits, see the Patch information CVE tab.

Manage Sideloads

If a patch file is not available as an automatic download from a vendor, it will require sideloading. Sideloading is when a patch file needs to be manually sourced from the vendor. This may happen in situations such as, if a vendor only makes the latest patch available and you want an older patch, or the patch download link may be behind a paywall and require a login to the vendor website, so manual selection or intervention is required.

You manage sideloads in Ivanti Neurons Platform > Patch Management > Patch Intelligence > Manage Sideloads tab. The tab has two sections: Pending Sideloads and Completed Sideloads.

Patches that require sideloading can be identified on the Patch Intelligence dashboard in the Download Status column of the Summary grid.
The Download Statuses are:

Automatic: The patch file is automatically available from the vendor.
Sideload required: The patch file is not automatically available from the vendor and requires the patch to be manually sourced and uploaded to Ivanti Neurons.
Sideload in progress: The patch file has been selected and is currently being uploaded to Ivanti Neurons.
Sideloaded: The patch file has been uploaded to Ivanti Neurons and the content is available for deployment.

Pending Sideloads

This section lists all of the selected patch files that require a manual download from the vendor.

You must download the patch file from the vendor website and save it to a local folder, be sure to download the correct language version of the file. The file must be of a supported file type: .cab, .exe, .iso, .msi, .msp, .msu, .zip.

Do not navigate away from Patch Intelligence while any file is uploading, otherwise any uploads in progress will be cancelled.

All files selected for sideloading are listed, with the following information:

Name: The patch file name.

External Vendor: The name of the patch vendor.

Culture: The language the file is available in.

File Status: The status of the patch file. The possible status are:

No file selected: You need to click Select File to choose the patch file to upload.
Uploading: The file is currently being uploaded to Ivanti Neurons.
Do not navigate away from Patch Intelligence whilst this is in progress, otherwise the upload will stop.
Verifying: The file undergoes the four verification scans to check for risks:
- File Header Match: An attempt is made to match the file header for the file extension.
- Sha-256 Hash Confirmation: Calculates the SHA-256 hash of the patch file. Please check that it matches the expected value with the vendor.
- Digital Signature Validation: An attempt to verify the digital signature of the patch file. If the patch file is not signed, you will be prompted to manually confirm the file details. For your convenience, a SHA-256 file hash of the file is displayed in the expandable file details panel.
- Threat Scan: The file is scanned by an anti-virus scanner for threats.
Verified: The file has successfully passed all scans and been verified.
Once verified you can expand the file to expose a review panel, showing details such as size, hash key, verified scan results and thumbprint.
No file extension: The selected file has no file extension.
Threat scan failed: The threat scan has failed and the file is classed as high risk.
File type not supported: The selected file is not in a supported format. The file must be one of the following types: .cab, .exe, .iso, .msi, .msp, .msu, .zip.
Multiple scan failures: The patch file has failed at least one of the four verification scans.
Vendor certificate mismatch: The digital signature of the uploaded file did not meet the expected vendor for the patch.

Actions:

Select File: Opens File Explorer. Locate and select the required file to download.
Approve: Once the patch file has been downloaded and verified, click Approve . This moves the file down to the Completed Sideloads section, making it available for deployment in the usual manner.
(x) Delete: Click the x icon next to the file to delete the file from the pending list.

Completed Sideloads

This section lists all manually downloaded patch files that have been verified and approved. The following details for each file are provided:

Name: The vendor name for the patch file.

Culture: The patch file language.

Approved By: The name of the user that approved the file.

Approved Date: The date the file was approved.

File Name: The name of the uploaded file.

Size: The file size.

Status: The status of the file:

Verified
No valid signatures
Vendor certificate mismatch
Multiple scan failures
Unknown error
Threat scan failed

Actions

Replace: Select the check box to the left of the patch name and click Replace to move the patch back up to the Pending Sideloads section. You can then select a different file to download for the patch, for example if there is a later file that's been made available.
Delete: Select the check box to the left of the patch name and click Delete to delete the patch. If you want to sideload this patch you will need to re-select it from the Patch Details > Patches tab to re-add it to Pending Sideloads.