The grid on the Ivanti Neurons Patch Intelligence homepage contains a list of all the latest validated patches, listed in date order by default. The columns are grouped into categories so you can easily focus on the relevant data; Summary, Reliability & Social, and Threat & Risk. You can customize which columns are on show and the order of the data by filtering, sorting, or searching by keyword.
You can customize the grid view using the Column Chooser . Available columns are:
Id: Click to open the Patch Details panel.
Name: Click to open the Patch Details panel.
Unpatched Devices: The number of devices that do not have the patch installed. Click to open the Unpatched Devices tab on the Patch Details panel. This column is only available when you have a connector setup.
Platform: The platform that the patch applies to; Windows or macOS.
Date: The issue date of the patch.
Vendor: The name of the software vendor that issued the patch.
- Automatic: The patch can be automatically downloaded from the vendor and is ready for deployment.
- Sideload Required: The patch file cannot be automatically downloaded from the vendor and requires the patch file to be manually sourced and uploaded to Ivanti Neurons before it can be deployed to the endpoint. This process is known as sideloading.
- Sideload in Progress: The patch content has been selected for sideloading and the file is being uploaded to Ivanti Neurons.
- Sideloaded: The patch file has been uploaded to Ivanti Neurons and is ready for deployment.
You can filter the Download Status column to display only the patches that require sideloading. Learn more about how to Manage Sideloads.
Reliability: Helps to determine the stability of the patch. Patch Intelligence gathers data from a variety of sources to provide a confidence score for updates to supplement your patch testing efforts. It is derived from the number of successful and failed installs, with other stability metrics, such as Reported Issues from vendors or users, to categorize the patch into one of the following:
- Green: Excellent - this represents patches that have a 100% install success rate
- Green: Very High
- Green: High
- Amber: Good
- Amber: Medium
- Amber: Low
- Red: Very Low
- Grey: n/a - too few installation attempts to categorize
My Reliability: Helps determine the stability of the patch. The patches are filtered to show just the devices in your environment, you must have at least one connector to use this column. The score is calculated using the formula successful deployments / total deployments * 10 for all devices in your environment.
Trending: Indicates the level of social media attention a patch is receiving. A higher trend is indicated with the bars; the higher the bars, the higher volume of social media posts. The content of the posts could be negative i.e. problems with installing, or positive i.e. fixes issued for any problems. To understand this further, go to the Reported Issues > Trending section in the Patch Details panel to see further detail on the most common trending topics or keywords.
Reported Issues: The number of reported issues plus any Trending comments. These can be official reported issues by the vendor, such as Microsoft, customer reported issues, or trending comments on social media. If the patch has received any downvotes the thumb-down icon displays with the number of votes next to it. Click the number or thumb icon to open the Reported Issues tab on the Patch information panel.
VRR Group: The Vulnerability Risk Rating (VRR) is designed to decipher cybersecurity risk from the widest angle possible. Using an algorithm that intelligently separates, and elevates, the highest risk weaknesses. It takes in the highest fidelity vulnerability and threat data, together with human validation of exploits from penetration testing teams. VRR provides a deeper analysis of context that combats this problem. Subject matter expertise from penetration testers helps build data-driven models to inform the scoring algorithm. VRR represents the risk posed by a given vulnerability, provided as a numerical score between 0 and 10 (the VRR score can be seen on the Patch Details panel > CVE tab) it is then represented in one of the following groups:
- 9.00-10 = Critical
- 7.00-8.99 = High
- 4.00-6.99 = Medium
- 0.01-3.99 = Low
The vulnerability and threat components to determine the VVR score and group consist of the following:
- Detailed scanner finding information.
- CVSS base score.
- Industry standard threat intelligence sources such as the National Vulnerability Database (NVD), Common Vulnerabilities and Exposures (CVE), Common Weaknesses Enumeration (CWE), and the OWASP Top 10.
- Curated threat feeds that provide broad coverage and continuous updates on the most active trending exploits being used in the wild.
- Direct input from industry leading penetration testing teams about newly validated exploits.
CVSS: Highest NVD (National Vulnerability Database) CVSS (Common Vulnerability Scoring System) v3 score taken from all CVEs associated with the patch. If v3 is not available the v2 score is taken. If no score is available No data displays. The score range is from 0.1 to 10.
NIST (National Institute of Standards and Technology) can take up to 2 weeks to update their website.
CVE Count: The number of CVEs the patch contains. If at least one CVE for the patch that has been exploited, a bug icon displays . Click the icon to open the Patch Details panel for more details.
Vendor Severity : The patches are categorized to one of the following types:
- Security: Critical, Important, Moderate, Low, Unassigned
- Non-Security: Critical, Important, Moderate, Low, Unassigned
Filter, Sort, Search and Export
You can search, sort, and filter the data based on a number of attributes.
Select the filter iconto refine the list using any of the predefined attributes. If a filter has been applied to a column, a red dot is seen on the icon. To remove an applied filter, click the clear filters icon .
Select the sort iconin any column header to sort into ascending () or descending () order. To remove the sorting, right-click the column header and select Clear Sorting from the context menu.
Use the Search field to enter a keyword; the list will then only show patches that contain the keyword. The keyword is matched to any case-insensitive text found from within all of the patches, for example; CVE numbers, patch names, blue screen, and so on.
Example search use cases:
- As a security engineer, I want to supply a CVE to Patch Intelligence to understand what patch I need to have my IT Ops team apply to mitigate the vulnerability. The searching functionality can be an asset to both the Security and Ops teams by allowing them to search for CVEs and see which patches are required.
- As a support technician, I want to know whether a patch is available to fix an issue with PST corruption in Outlook 2016 occurring in conjunction with error 0x80040119. The ability to search benefits the support staff who can search for symptoms or issues around a particular patch.
To remove a search filter, click the clear filters icon.
You can choose to export selected patches, selected CVEs or all CVEs, in CSV format to help with your patch reporting requirements. The CSV list of CVE IDs can be imported into other products, such as Ivanti Security Controls and Ivanti Endpoint Manager.
Any sorting or filtering applied to the patches will be retained in the exported output. All columns will be included regardless of what has been selected in the Column Chooser.
If the data is exported from the SLA chart, all devices that are missing patches that fall outside of the SLA window are included, this could mean that a device is listed multiple times if it is missing multiple patches.
Select the first column check box for the patches you want to export. Alternatively, select the check box in the header cell to select all patches.
Click Export CSV to create the CSV file and save it to your local downloads folder.