Edge Intelligence

Edge Intelligence gives you real-time insights, as well as remediation and alerting capabilities for your environment. Data is retrieved from devices in real-time, at the moment you request it.

You can enter your questions as you would ask them—for example, "show me the firewall status." Edge Intelligence leverages the power of machine learning to provide you with the desired data.
Alternatively, there are several predefined queries available, related to Security, Health, and Inventory. A selection of these queries can also be run against a device you selected from the Devices page. See also Device details.

After installing the Ivanti Neurons Agent on a device, it will start responding to queries. For details about installing the agent, see Agent Management.

Some of the features in Edge Intelligence, for example performing actions or setting alerts, are available only to users with the appropriate role.
For information about managing roles, see Roles.

You can access Edge Intelligence from the menu, at Insights > Edge Intelligence.

Landingpage

By default, and depending on settings, when you go to Edge Intelligence, the Agent Overview opens with a map displaying the locations of the agents in your environment.
In the top-right of the map, select the X to close the map and display the list of available predefined queries. Deselect the option Show as landingpage to skip the Agent Overview when you access Edge Intelligence.

If you have previously deselected Show as landingpage but want to enable the option again, click on the section that lists how many agents are online (xx / yy online) to the right of the Edge Intelligence query bar.

Geo scoping

Use to select an area on the map of the landingpage and use it as the geo scope for follow-up queries.

Location data

If you do not want to display agent location data, you can disable the location sensor.

Query widgets

The response to your query is displayed in a widget.

Click on a result label listed above the chart (e.g. Enabled in the image above) to toggle between hiding or showing the related results.
Click on a result category in the chart (e.g. Domain in the image above) to go to the list view, filtered for that category.

Depending on the widget, the following controls may be available. Some controls are only available from the list view.

– Toggle between chart and list view. By default, most widgets open as a chart. Switch to the list view to see the results in more detail.
The list view also enables you to initiate actions to solve an issue you identified from the query results. For example, if the results show a device with a disabled firewall, you might use an action to enable the firewall. For details about using actions, see Edge Intelligence actions.
– Enable alerting. You can configure alerts based on real-time events. Alerts can also trigger one or more actions. For example, Edge Intelligence can initiate the Cleanup disk action if free disk space on drive C: drops below 10%. For details about using actions, see Edge Intelligence actions.
For an overview of configured alerts, click in the search bar.
– Repeat the query for all currently connected endpoints.
– Define the scope ("on which endpoints will the query run") and/or parameters ("which query will run on the endpoints") for the query. Some parameters are mandatory.
If scopes or parameters are defined, this is indicated by a badge on the icon:
When you set a query as a favorite, scopes and parameters are preserved.
– On some map-based widgets, you can define a geo scope by drawing a rectangle over the desired area. A message is displayed, indicating that a filter is in effect:

To reset the filter, click at the end of the message.
– Pin a query to gather results for 24 hours. Because Edge Intelligence uses real-time information, it can only return data from agents that are online at the time the query is sent. By pinning your query, Edge Intelligence will gather responses to your query from agents that come online for a period of 24 hours.
– Start trending. By default, Edge Intelligence does not retain query results. However, for certain queries you may want to track how a specific aspect develops over time. The trending option enables you to do just that.
You can specify the data collection period and interval, and whether the trending data should be available only to you or to everyone in your organization.
The Trending feature is experimental, with considerable limitations. Only the Free Disk Space, Logon Performance and Windows Reliability Index queries have a chart view. Although the rest of the queries do not have a chart view defined, it is still possible to download the data after enabling a trend for the query of interest. Ivanti has received feedback on this experimental functionality, which will be processed into a successor.
– Copy the results that are displayed on the current page of the widget.
– Export query results to CSV. The results (up to 150.000 lines) are exported to a CSV file, which is then downloaded to your computer. Note that the export includes only results that are available at the moment the export button is selected.
– Use the current selection of agents as a filter for other queries. This allows you to limit additional investigation or remediation to a subset of devices.
When you set a query as a favorite, filters are not preserved.
Example
Using the Event Log Summary query, you have identified that event ID 7034 may be causing problems on several devices and want to investigate further.
1. In the Event Log Summary widget, use Search to limit the results to devices where this event was logged:
2. Click to set the list of devices in the results as the filter for other queries. A message is displayed, indicating that a filter is in effect:
  
  In the example above:
  93 indicates the number of devices after applying the filter.
  Event Log Summary is the query from where the filter was set.
  7034 is the search phrase that was used to define the filter.
3. Any Edge Intelligence query you perform will only be applied to the resulting devices, in this example to the 93 devices mentioned in step 2.
  Similarly, any Edge Intelligence action you select will only be applied to these devices.
To add filter criteria, click after performing additional queries from the same widget or from other Edge Intelligence widgets.
To reset the filter, click at the end of the message indicating that a filter is active.

Favorite queries

To create a set of favorite queries, use the icon next to the query widget title. This will add the query to your favorites, preserving its current scope and parameters (see above). Please note, that filters are not preserved.
You can specify a custom name to indicate what the query will return, for example 'Local Admin Users Engineering' or 'Missing Critical Patches'.
Multiple instances of a query can be added to your favorites.

Favorite queries are listed in a separate section, displayed above the default queries.

Change favorite name

To change the custom name of a favorite query:

Open the favorite query by clicking its link.
In the widget that opens, click next to the widget title to remove the query from your favorites.
You can make changes to the scope and/or parameters for the query by clicking .
If you do not make changes, the scope and parameters that were saved in the favorite will be preserved.
Click to re-add the query to your favorites.
This will open a window where you can change the name of your favorite.
Save your changes.