Edge Intelligence

Edge Intelligence gives you real-time insights, as well as remediation and alerting capabilities for your environment. Data is retrieved from devices in real-time, at the moment you request it.

You can enter your questions as you would ask them—for example, "show me the firewall status." Edge Intelligence leverages the power of machine learning to provide you with the desired data.
Alternatively, there are several predefined queries available, related to Security, Health, and Inventory. A selection of these queries can also be run against a device you selected from the Devices page. See also Device details.

After installing the Ivanti Neurons Agent on a device, it will start responding to queries. For details about installing the agent, see Agent Management.

Some of the features in Edge Intelligence, for example performing actions or setting alerts, are available only to users with the appropriate role.
For information about managing roles, see Roles.

You can access Edge Intelligence from the menu, at Insights > Edge Intelligence.

Landingpage

By default, and depending on settings, when you go to Edge Intelligence, the Agent Overview opens with a map displaying the locations of the agents in your environment. The map is updated when you select a predefined target (see Targeting, below).
In the top-right of the map, select the X to close the map and display the list of available predefined queries. Deselect the option Show as landingpage to skip the Agent Overview when you access Edge Intelligence.

If you have previously deselected Show as landingpage but want to enable the option again, click on the section that lists how many agents are online (xx / yy online) to the right of the Edge Intelligence query bar.

Targeting

The drop-down menu to select a predefined target, with the default selection 'All devices'. The counter for x number of online endpoints out of possible y is to the right of it.
At the top right of the screen, you can select a predefined target from the list to limit queries to a subset of the endpoints in your environment. The counter for number of online endpoints changes depending on the selected predefined target.

All queries will be limited to the endpoints in the target as long as the target is selected. If a query was executed while a target was selected, the query widget displays the target name in its title.
To change the target that is applied to a widget, click Target and parameters icon to open the Set (parameters and) targeting window.
For more information about setting parameters and targeting, see below at Target and parameters icon.

For information about how to configure predefined targets, see Targeting.

Geographic area filter

Use Crop icon to select a geographic area on the map of the Edge Intelligence landingpage and use it as a filter for follow-up queries.

Location data

If you do not want to display agent location data, you can disable the location sensor.

Query widgets

The response to your query is displayed in a widget.

Example of a query widget

Click on a result label listed above the chart (e.g. Enabled in the image above) to toggle between hiding or showing the related results.
Click on a result category in the chart (e.g. Domain in the image above) to go to the list view, filtered for that category.
Query widgets retain the targeting that was set when they were first run, until you change it. See below at Target and parameters icon.

Depending on the widget, the following controls may be available. Some controls are only available from the list view.

  • Toggle view icon – Toggle between chart and list view. By default, most widgets open as a chart. Switch to the list view to see the results in more detail.
    The list view also enables you to initiate actions to solve an issue you identified from the query results. For example, if the results show a device with a disabled firewall, you might use an action to enable the firewall. For details about using actions, see Edge Intelligence actions.

  • Alerting icon – Enable alerting. You can configure alerts based on real-time events. Alerts can also trigger one or more actions. For example, Edge Intelligence can initiate the Cleanup disk action if free disk space on drive C: drops below 10%. For details about using actions, see Alert actions.
    For an overview of configured alerts, click Alerting icon in the Edge Intelligence search bar.
    The Alerting icon is located at the top-right of the screen, in the Edge Intelligence search bar. This is below the Neurons Platform search bar.

  • Repeat icon – Repeat the query for all currently connected endpoints.

  • Target and parameters icon – Define the parameters ("which query will run on the endpoints") and/or targeting ("on which endpoints will the query run") for the query. Some parameters are mandatory.
    Targeting consists of selecting a predefined target from the drop-down list (if available) and/or setting targeting conditions on the query.

    The relation between the predefined target and each of the targeting conditions you set on the query is AND. You can therefore set up targeting so it does not contain any endpoints by definition.
    Example:
    The predefined target has the condition 'Domain equals JEDI', and you add the condition 'Domain equals EMPIRE'.

    If there are parameters or targeting defined for a query, this is indicated by a badge on the icon: Configured target and parameters icon
    When you set a query as a favorite, its parameters and target are preserved.

    For more information about creating predefined targets, see Targeting.

  • Crop icon – On some map-based widgets, you can define a geo target by drawing a rectangle over the desired area. A message is displayed, indicating that a filter is in effect:
    Filter message: Geographic area filter
    To reset the filter, click Close icon at the end of the message.

  • Pin icon – Pin a query to gather results for 24 hours. Because Edge Intelligence uses real-time information, it can only return data from agents that are online at the time the query is sent. By pinning your query, Edge Intelligence will gather responses to your query from agents that come online for a period of 24 hours.
  • Trending icon – Start trending. By default, Edge Intelligence does not retain query results. However, for certain queries you may want to track how a specific aspect develops over time. The trending option enables you to do just that.
    You can specify the data collection period and interval, and whether the trending data should be available only to you or to everyone in your organization.

    The Trending feature is experimental, with considerable limitations. Only the Free Disk Space, Logon Performance and Windows Reliability Index queries have a chart view. Although the rest of the queries do not have a chart view defined, it is still possible to download the data after enabling a trend for the query of interest. Ivanti has received feedback on this experimental functionality, which will be processed into a successor.

  • Copy icon – Copy the results that are displayed on the current page of the widget.
  • Export icon – Export query results to CSV. The results (up to 150.000 lines) are exported to a CSV file, which is then downloaded to your computer. Note that the export includes only results that are available at the moment the export button is selected.
  • Scope icon – Use the current selection of agents as a filter for other queries. This allows you to limit additional investigation or remediation to a subset of devices.
    When you set a query as a favorite, filters are not preserved.

    Using the Event Log Summary query, you have identified that event ID 7034 may be causing problems on several devices and want to investigate further.

    1. In the Event Log Summary widget, use Search to limit the results to devices where this event was logged:
      List view of the Event Log Summary widget with a query for 7034 applied
    2. Click Scope icon to set the list of devices in the results as the filter for other queries. A message is displayed, indicating that a filter is in effect:
      Filter message: Device list filter (93): Event Log Summary (7034)
      In the example above:
      93 indicates the number of devices after applying the filter.
      Event Log Summary is the query from where the filter was set.
      7034 is the search phrase that was used to define the filter.
    3. Any Edge Intelligence query you perform will only be applied to the resulting devices, in this example to the 93 devices mentioned in step 2.
      Similarly, any Edge Intelligence action you select will only be applied to these devices.

    To add filter criteria, click Scope icon after performing additional queries from the same widget or from other Edge Intelligence widgets.
    To reset the filter, click Close icon at the end of the message indicating that a filter is active.

  • Column filter icon, inactive - Apply a filter to the column. Currently no filter has been applied to the column.
  • Column filter icon, active - Edit column filters.
  • Clear column filters icon - Clear all column filters.

Favorite queries

To create a set of favorite queries, use the Heart icon icon next to the query widget title. This adds the query to the favorites, preserving its current parameters and targeting (see above).

  • You can specify a custom name to indicate what the query will return, for example 'Local Admin Users Engineering' or 'Missing Critical Patches'. If you selected a predefined target, the name of the target is used in the suggested name.
  • You can store a favorite query as Private (available only to you), or as Shared (available to all members with access to Edge Intelligence).

    You must have a role with Edge Intelligence > Configure permissions to create, edit and delete shared favorites. Shared favorites are available to all members with Edge Intelligence > Default Access permissions.
    For more information about Roles and Permissions, see Access Control.

  • You can add multiple instances of a query to the favorites.

Favorite queries are listed in a separate section, displayed above the default queries.
Favorite queries, listed in a separate section that is displayed above the default queries. Below the title are the tabs for Private and Shared favorite queries.

Edit a favorite query

You can make different sorts of edits to an existing favorite query.

Change only the name, make 'Private' or 'Shared'

 To change the custom name of a favorite query:

  1. Open the favorite query by clicking its link.
  2. In the widget that opens, click Heart icon (filled), indicating that the query is stored as a favorite next to the widget title to update the favorite.

    If the heart icon is colored black instead of red, you are viewing a shared favorite query and do not have the required permissions to edit the query.

  3. In the window that opens, change the name of the favorite.
    If you have the required permissions, you can also change if the favorite is stored as a Private or a Shared favorite query.
  4. Save your changes.

All changes

To make any change to a favorite query, including its name and whether it is Private or Shared:

  1. Open the favorite query by clicking its link.
  2. In the widget that opens, make the desired changes.
    When you change query parameters or targeting, the heart icon changes back to its base state (Heart icon (outline), indicating that the query is currently not a favorite.).
  3. Click the heart icon (Heart icon (outline), indicating that the query is currently not a favorite. or Heart icon (filled), indicating that the query is stored as a favorite, depending on your previous actions) next to the widget title to specify the name and save the favorite.
    If you have the required permissions, you can also change if the favorite is stored as a Private or a Shared favorite query.

    If the heart icon is colored black instead of red, you are viewing a shared favorite query and do not have the required permissions to edit the query.
    To use the shared favorite query as the basis for a personal query, first change a query parameter or its targeting. The heart will now change back to its base state (Heart icon (outline), indicating that the query is currently not a favorite.).

  4. Save your changes.
    This actually saves a new favorite query. If the old version of the query is obsolete, delete it.