Version 14.13.00 Release Notes

Summary: A high-level overview of the changes/updates included in Ivanti Neurons Version 14.13.00, released on April 26, 2024.

The platform version 14.13.00 update includes the following features and enhancements:

• New Features
• List View Enhancements
• Integrations
• Dashboards
• Miscellaneous Changes
• Fixed Issues
• Known issues

For assistance with using our new features, receiving feature documentation, and/or scheduling training, please contact your Customer Success account manager directly or contact Ivanti support.

New Features

• Finding Articles - This feature allows users to write blog-like articles and apply them to one or more findings. Users can apply text formatting with markdown, upload attachments, insert images, and inject links to uploaded documents. A finding article can provide supplemental information like steps for patching or configuration.

  A finding article can also provide proof of exploitation (PoE). If marked as a PoE, the system treats a finding article as a threat. If a user needs to escalate a PoE, they can choose for the PoE to directly impact RS3 scores within the client.

  Finding articles also introduce two levels of access. If a user wants to limit access to the finding article, they should classify it as a restricted article. Otherwise, they should classify the article as unrestricted. One new supplemental roles, Finding Article Owner, gives users the ability to view and modify unrestricted articles. Users with the other new supplemental role, Restricted Finding Article Owner, will give users the ability to view and modify both unrestricted and restricted articles.

  Users with the roles of Security Analyst and Administrator will have the ability to view and modify both restricted and unrestricted articles. Users will Vulnerability Manager will have the ability to view and modify only unrestricted articles. Users without privileges to view or modify finding articles can still see the names and properties of finding articles applied to findings within the Finding Details.

• Enhancements to Asset Management - All clients (existing and new) will now have the groups “System - All Assets”, “System - All Hosts”, and “System - All Applications”. All assets automatically have membership in “System - All Assets” and in either “System - All Hosts” or “System - All Applications”, depending on their type. No user can add assets to or remove assets from these groups. If particular users need access to all assets at all times, a user with the Group Control privilege can assign that user to the “System - All Assets” group once to ensure access.

  These new groups and the default group are “system” groups. Users can create and manage “user” groups. The Group Details will indicate whether the system or a user has created it. Additionally, groups will be sorted into “System” and “User” categories within the Host Details and Application Details.

• New Default Group Client Setting - Prior to this release, the system had to manage assets with no group by placing them back into the Default Group. This occurred when a user removed an asset from all user-created groups. By default, this behavior is no longer enabled for any client. Users can reenable this setting by going to the Client Settings and checking the “Force Assets that have only System groups to be added back to the default group” box under Client Profile.

List View Enhancements

• Finding Article Filters and UX Updates - The Finding Article feature introduces new filters and updated filters within the list views. Some filters have been renamed. Filters previously referring to “manual finding reports” now refer to finding articles. Filters with “manual exploit” in the name now have “Finding Article PoE with RS3 Impact” in the name. Similarly, most locations in the UI now refer to finding articles and PoEs with RS3 Impact instead of manual finding reports and manual exploits.

Integrations

• Updates to the Tenable.sc connector - This connector will now ingest policy compliance type findings.

Dashboards

• Workflow Expiration Calendar - This calendar widget shows the number of workflows expiring on each date of the selected month. When a user clicks on one of the numbers, they will open up a popup that shows the total numbers of host findings and application findings within those expiring workflows. This widget is only available in the widget library and can be added to custom dashboards.

Miscellaneous Changes

• Users can now right-click on the manual sync button for new options when creating a connector.
• Users can associate an existing IDP with another client that they manage.

Fixed Issues

• CheckMarxSCA will now allow a user to enable Auto URbA.
• Qualys VM/VMDR will no longer report intermittent issues when pulling data.
• A Group By on a CMDB field will no longer add an erroneous "/" to results.
• Qualys PC and WAS will no longer report “Unable to establish a Connection.None.get" error.
• Status notifications for ticketing and CMDB connectors will no longer show the text “Upload-01”.

Known Issues

• If a user assigns a PoE with RS³ impact to a finding, its VRR score may not automatically update in a timely manner.
• Users with only the privilege of viewing a restricted finding article cannot open up the preview for an unrestricted article from the detail pane. If the user also has the privilege to edit articles, they can still read the article by opening up the article for editing from the Finding Articles drop-down menu.
• Finding articles replaced “manual finding reports” that used a different type of text formatting syntax. In rare cases, users may have to manually edit migrated manual finding reports to finish the conversion of the older tags to markdown:
• If an article contains nested list tags (i.e. a [ul] or [ol] inside another [ul] or [ol]), the user may still see the old tags in the article instead of markdown.
• Some manual finding reports were intended to import text documents directly into code blocks. The migration converted the [text] tag into an attachment link. However, if the link appears in a code block, the link will be treated as text rather than markdown. A user will have to remove the link from the code block to activate it.
• Finding Article titles must be unique across both Host Findings and Application Findings, although the finding articles menu only shows finding articles for the appropriate finding type. (In other words, you don’t see the finding articles for Host Findings on the Application Findings page and vice versa.)
• If a PoE with RS³ Impact has capped a group score, this will not be shown in the Group History.
• The help article about API pagination linked on Swagger is using a broken link. Please visit API Pagination of Search Requests.