Ivanti RS³ Platform Changes: Overview
Summary: A high-level overview of the platform changes occurring with the Ivanti RS³ update.
This article discusses the upcoming platform changes occurring with the Ivanti RS³ update.
Your organization may notice some of the following under this enhanced scoring methodology:
Findings associated with new weaknesses may be prioritized higher.
VRR for findings with no threat may increase because Ivanti Neurons RBVM/ASOC/VULN KB is de-prioritizing less.
In many cases, Ivanti RS³ values will change at the asset, group, and organizational levels. Most of the significant changes in scores can be attributed to one of the following:
Unified scoring methodology across networks and applications.
Increased threat surface to factor in the potential risk of associated CVEs and CWEs.
As a reminder, fixing a single critical finding may not move the needle much, but closing many critical findings or reducing the greatest VRR among them will make a substantial difference in Ivanti RS³.
Host Findings Page Updates
New filters related to CWE or OWASP are available in the Host Findings view. Users will be able to filter based on if their host findings have an association with an OWASP class on the Top 10 list or a weakness on the CWE Top 25. The boolean filters will always use the most current year, but the ability to filter by OWASP Top 10 Year and CWE Top 25 Year is also available.
In the Host Findings detail pane, a new section called Weaknesses displays OWASP and CWE mappings when applicable.
Hosts Page Updates
New weakness-related filters, such as Has CWE or Has OWASP Top 10, are available in the Hosts view.
Applications/Application Findings Page Updates
The Has OWASP Top 10 filter will use the most current year and has been updated to use the 2021 OWASP Top 10.
The Has CWE Top 25 filter will use the most current year and has been updated to use the 2021 CWE Top 25.
Weaknesses Page Updates
Quick filters for OWASP Top 10 and CWE Top 25 have been updated to the 2021 version. Additionally, the KPI cards have been updated to use the 2021 CWE Top 25 and 2021 OWASP Top 10.
The Ivanti RS³ infographic was updated and will appear on the first login following launch.
Miscellaneous Platform Updates
The following widgets have been updated to use the 2021 OWASP Top 10 and 2021 CWE Top 25:
Open Applications Findings with Top Software Weaknesses
CWE Top 25 Most Dangerous Software Weaknesses
Reports will be updated with the new Ivanti RS³ infographic and rebranding to Ivanti RS³ in the coming releases.