What's New
Version 2025.4 October
Platform
The Azure Blob Storage SIEM Outbound Connector is now generally available.
Learn more about Azure Blob Storage SIEM Forwarding Connector.
The Splunk HTTP Event Collector (HEC) Outbound Connector is now available in technical preview. This feature enables customers to export Ivanti Neurons Audit Trails directly to Splunk Enterprise via HEC.
Learn more about Splunk HEC Connector.
- Actions in People View are now being logged and visualized in the Ivanti Neurons Audit Trail.
- Administrative tasks in Inventory Scanner Settings are now being logged and visualized in the Ivanti Neurons Audit Trail.
- Administrative tasks in Remote Control Settings are now being logged and visualized in the Ivanti Neurons Audit Trail.
Authentication
External Authentication (SSO) method updates for the following external SSO providers:
- ADFS Authentication (SAML): When integrating authentication with ADFS, you can also use Signed Requests and/or Encrypted Assertions.
  - Signed Requests are used so the Identity Provider (for example, ADFS) can verify the origin and integrity of the requests.
  - Encrypted Assertions are used so that the response from the Identity Provider, which includes user credentials, is protected from being intercepted and read by unauthorized parties.
- Other IdP Authentication (SAML): A new SSO method is now added to use any other Identity Provider. If your Identity Provider is not one of those explicitly supported, this option can be used to integrate with that Identity Provider.
  The SAML protocol is supported for this option. It also allows Signed Requests and/or Encrypted Assertions to be used (requires Identity Provider support).
App Control
App Control now includes a new chart that provides insights into the applications granted permissions through the Policy Change Requests, along with actionable ROI analytics. This expanded visibility lets administrators easily correlate the number of grants with subsequent allowances and elevations.
Learn more about Policy Change Requests in App Control Overview.
App Control rules support Entra ID Users and Groups, enabling better security and streamlined process management. Administrators can now define application control policies based on Entra ID (formerly Azure Active Directory) users and groups, rather than relying on local accounts or static groups.
Learn more about Configuring Entra ID.
The Neurons for App Control agent now supports custom port configuration for improved flexibility and network compatibility. This introduces BrowserAppStorePort and BrowserCommsPort settings within the Application Control configuration. Administrators have granular control over which network ports the agent uses for browser-related services and communications.
Learn more about these port settings in Configuration Settings.
Organizations can now configure custom policies to prohibit executable files on removable media. This option allows administrators to manage policies prohibiting files, particularly executables, on removable media such as USB drives.
Learn more about the settings in Configuration Settings.
Edge Intelligence
A new monitoring setting, Power State History, is available in Edge Intelligence settings. When the setting is enabled on a device, it tracks the various power states over time, allowing you to see when devices are On, Off, in Sleep, or Hibernate mode.
Learn more about Power State History in Edge Intelligence Settings.
An additional monitoring setting is introduced for the existing Ivanti Application Monitor functionality. This setting is available in Edge Intelligence settings and allows you to enable or disable the monitoring feature as required. The Ivanti Application Monitor component is installed or uninstalled when Edge Intelligence is the only service subscribing or subscribed to it.
Learn more about Application Monitor in Edge Intelligence Settings and KB article.
External Attack Surface Management
Attack Surface pages in Ivanti Neurons do not show data initially. You must first provide seed links to your organization's presence on the internet. Navigate to the External Attack Surface > Manage Seeds page. Ivanti’s internet exposure crawler then looks at these seeds and reports on assets and exposures that it finds.
Learn more about Enhanced Onboarding and Usability in Ivanti Neurons for External Attack Surface Management.
Abuse prevention measures have been implemented for blocklisted domains within EASM to ensure improved security and compliance.
Bots - Healing
With scope support enabled, bots run by users through custom actions, the run now button or bot preview will now only execute against devices or people that their account is permitted to access.
Learn more about Scopes in Access Control and Neurons Bots Results.
Added support for deploying App Distribution’s bundle applications to the Bots stage to ensure both individual and groups of applications can be targeted.
Learn more about Bundle Support in Trigger App Distribution.
Mac and Windows icons are now added to the cards in the bot template library along with all the stages updated in the template library. This allows users to see which operating system a bot supports OOTB without having to create a saved copy first.
The ability to run the PowerShell Query stage as a specified user enables additional use cases, such as checking for access to network resources.
Learn more about PowerShell Query in Custom Stages and Neurons Bots Stages.
A number of changes have been made to the Automation framework to improve the speed at which Bot stages and their results are processed.
Connectors
Performance improvements have been made and data filtering issues have been fixed in the Entra ID connector. The Neurons Entra ID connector is now updated:
- Previously, applying user group filters led to some users being skipped. This issue is now fixed.
- The connector made a large number of API calls to retrieve group members, which resulted in longer execution times and increased the risk of network failures.
- API call volume is reduced, allowing the connector to complete its execution much faster.
- A retry mechanism is introduced to handle network-related issues more robustly.
Learn more about Microsoft Entra ID connector.
Software
Software Inventory can now include complementary data from the Ivanti Software Library. The data includes regularly updated attributes such as end-of-life, product family, and release version details. If edited inventory data does not match new Software Library data, you can easily review and resolve the conflict by accepting the new Ivanti data or keeping your edits.
Learn more about Software Conflict Resolution in Software Inventory.
Workspace
On the Inventory Scanner Settings page, settings are introduced to enable BitLocker Key collection. Once enabled, the Neurons platform starts collecting the BitLocker recovery key from devices running the Windows operating system during the inventory scan. This key is stored in the system for future key recovery.
IT administrators with access to the Neurons dashboard can retrieve the recovery key when needed. For example, to find the recovery key in Neurons, navigate to Devices > Windows OS > Encryption Key > Select Recovery Key ID.
Learn more about BitLocker Recovery Key in Inventory Scanner settings and Device actions.
The Status field in Device Patch Deployment History dataset now includes patch rollback status.
Learn more about Dashboard Designer.
Device view column configuration has been enhanced with secondary columns. Secondary columns allow the selection of columns that have arrays of data.
Learn more about Device View in Devices.
Multiple enhancements have been made to the Automation framework to improve the speed at which Bot stages and their results are processed.
The Execute Script - CMD Support
The ability to run CMD prompt commands has been added to the Execute Script function. CMD prompt commands can be run as either the local system or the currently logged-in user.
Learn more about Execute Script in Device actions.
Patch Management
The initial release of Ring Deployments supported a phased rollout of patches over a period of 30 days. To support organizations with rollout requirements greater than a month, Ring Scheduling now extends to a maximum of 90 days and supports individual soak time of up to 28 days for each Ring.
Multiple Ring rollouts now operate consecutively, allowing a Ring that has successfully completed a deployment to initiate a new rollout while the previous rollout still deploys on later Rings.
Learn more about Multiple Concurrent Ring Rollouts in Configuration Behavior.
Previously, devices needed to be individually added to specific Rings when employing a Ring Deployment. With this release, administrators can optionally assign whole device groups to Rings. Devices that are later added to a device group automatically populate the associated Ring.
Learn more about Dynamic Ring Assignment in Ring Deployments.
Administrators now have the option to simultaneously roll back to a previous version of a patch that was successfully installed on multiple devices. This eliminates the need to roll back a bad patch on each affected device individually.
Learn more about Multi-Device Patch Rollback in Device details.
A new icon is added next to device names in console pages to indicate if that device is a member of a device group. A numerical value is also provided next to the icon to identify the number of device groups of which the device is a member. When the icon or number is selected, a searchable overlay is presented displaying the associated device groups.
Learn more about Device Groups in Deployment History.
In the console Device page > Patches tab, administrators can now select one or more advisories and add them to a patch group without needing to navigate to the Patch Intelligence page.
Learn more about Patch Groups.
Reports generated for Patch Management now respect device scopes assigned to users. When a user creates a report, it is automatically scoped based on their assigned device access.
Learn more about Device Scopes in Patch Management Reports.
Reporting Access Controls have been updated for Patch Management, External Attack Surface Management (EASM), and Audit Trails. Users with View permission can only access reports they have generated or reports that have been explicitly shared with them. To share reports with other users, the new Share permission is required.
Learn more about Permissions and Roles in Reports.
Two OOTB Patch Management report templates, Deployment History (Summary) and Deployment History (Detailed), now include new columns and sections detailing successful patch rollbacks.
Learn more about Deployment Status in Patch Management Reports.