In the Ivanti Neurons Patch Intelligence summary grid click a patch ID or Name to open the Patch Details page, here you can view further details such as: associated CVEs, list of devices which do not have the patch installed, and any reported issues with this patch.
If you have Ivanti Neurons Patch for Intune on your tenant, the View in Patch for Intune button is present. Select to view the patch details in Patch for Intune.
The patch name is followed by the option to place a downvote, to indicate if you have encountered any issues or problems with the patch. If you have not placed a vote you will see the gray thumbs-down icon you are only allowed one vote, if this has been used you will see a blue thumbs-down icon . Next to the icon is the number of down-votes received.
Key Performance Indicator (KPI) tiles display to provide a patch detail overview:
- KPI for Windows and Mac: Vendor severity, VRR, Reported issues, and Products affected.
- KPI for Linux: Vendor severity, VRR, Products affected.
A brief description of what the patch addresses and a link to open the Vendor summary in a new browser tab is also provided.
Lists all patch details, such as: Patch name, number of Unpatched devices, and number of Failed installs, Download status, Reliability, any Reported issues
Click a patch to open the Patch information page, which includes information such as: details of any patch that this one supersedes or is superseded by, the CVEs contained within the patch, details of unpatched devices, and any reported issues (
- Sideload: Select the check boxes next to the patches you want to manually upload, and then click Sideload.
This adds the selected patch files to the Pending Sideloads section of the Manage Sideloads tab on the Patch Intelligence dashboard.
The Manage Sideloads tab automatically displays when you click Sideload.
Learn more about Patch Sideloads.
- Patch Groups: Select to Add or Remove a patch from a Patch Group. Select the check box next to a patch and select Patch Groups > Add to Patch Group or Remove from this Patch Group to add or remove the patch from a Patch Group. To learn more, refer to Patch Groups.
- Export: Select the patches you want to include in the export, then select Export to create a CSV file and save it to your local downloads folder.
Lists the CVEs associated with the patch, including; the VRR Group, VRR score, CVSS score; v2 or v3 as applicable, and if there are any known exploits, together with the exploit published date and any known malware.
VRR score: A numerical score between 0 and 10, where higher is more severe. For further details see Threat & Risk.
Real-time vulnerability intelligence provides known Exploit or Malware data per CVE. Exploit and Malware context provides a deeper level of vulnerability insight. Vulnerabilities become actionable via a thorough understanding of their full context, including any active exploits.
- DoS: Denial of Service is an attack against a computer or network which reduces, restricts or prevents accessibility of its system resources to authorized users.
- PE: Privilege Escalation vulnerabilities allow attackers to impersonate other users, or gain permissions they should not have. These vulnerabilities occur when code makes access decisions on the back of untrusted inputs.
- RCE: Remote Code Execution attack happens when a threat actor illegally accesses and manipulates a computer or server without authorization from its owner. A system can be taken over using malware.
- WA: Web Application vulnerabilities involve a system flaw or weakness in a web-based application. They arise because web applications need to interact with multiple users across multiple networks, and that level of accessibility is easily taken advantage of by hackers.
- Ransomware: Malicious software designed to block access to a computer system until a sum of money, or the ransom, is paid.
- Exploit Kit: A toolkit used by cybercriminals to attack vulnerabilities in systems so they can distribute malware or perform malicious activities. They tend to be deployed covertly on legitimate websites that have been hacked, the site operators and visitors are often unaware of this exploit.
This tab is only available when data has been received via a connector or the Ivanti Neurons Agent patch scan.
The grid lists all the devices that do not have this patch installed. The device name, domain name, IP address, OS name and OS version are shown. The Management column provides the name of the agent managing the device, which will either be a supported Connector, or Ivanti Neurons.
The most recently run Connector report will determine the patch install status. Having multiple connectors reporting on a device can provide conflicting information due to differing schedules, deployment results, and assessment results. Therefore, we recommend managing endpoint devices with a single connector.
Click on a Device name to open the Neurons Platform > Devices > Device > Patches page.
The Reported Issues tab only displays for Windows and Mac patches.
Reported issues can help you understand why a particular patch may or may not have rolled out smoothly and any additional steps that may be required. The reported issues are categorized as follows:
Official reported issues: Any vendor reported issues, such as Microsoft Known Issues, which relate to the patch are automatically listed here.
Customer reported issues: Any issues can be submitted about a patch, which Ivanti will review and anonymize.
Ivanti reported issues: Any issues reported by Ivanti.
Add New Issue: Select to add an issue to a patch. The section expands for you to complete the following:
- Patches affected: Select all of the patches the issue relates to.
- Issue description: Describe what the issue is in 500 characters or less. Include symptoms and remediation steps.
- Number of endpoints affected: Select the number band of endpoints you have experienced this issue on in your environment.
- I had to roll this patch back: Check this box if the issue caused you to roll back.
- Add Issue: Select to submit the issue to the Ivanti moderators. If approved, the issue will be displayed in the Reported Issues, this can take up to 48 hours.