Version 14.07.00 Release Notes

Summary: A high-level overview of the changes/updates included in Ivanti Neurons Version 14.07.00, released on February 2, 2024.

The platform version 14.07.00 update includes the following features and enhancements:

For assistance with using our new features, obtaining feature documentation, and/or scheduling training, please contact your Customer Success account manager directly or send a message to [email protected].

Integrations

  • Tenable.sc v2 updated to include plugin family - v2 of the Tenable.sc connector will now populate the Nessus Plugin Family field with the plugin family name. For Policy Compliance type findings, the family name provided will be “Policy Compliance”.

Dashboards and Reporting Enhancements

  • Multi-Client Dashboard Redesign – The Multi-Client Dashboard has been redesigned to match the look and feel of other system dashboards. Users can configure a line of KPIs at the top and set widgets to show host data, application data, or both. The Quick Interactions menu assists users with quickly changing the type of asset data shown on the dashboard and with narrowing the dashboard results to higher-risk vulnerabilities. The RS3 widgets will match our redesigned RS3 dials on other system dashboards. The redesign will also introduce (3) new widgets:
    • Client Vulnerability Search – This widget will help users to find a list of clients impacted by a particular vulnerability. Users will be able to search the CVE ID directly, and the widget will display the CVE’s description, associated threats, and details on the clients impacted.
    • Client Filter Overview – This widget will allow a user to apply a System filter and identify the top 5 clients and findings affected.
    • Vulnerable Clients – This widget will reveal the top three most vulnerable clients based on their threat exposure, overdue findings, or risk acceptance. Users can change the columns visible in this widget as well.

Workflow Enhancements

  • Workflow Automation - This feature allows users to automate mapping findings to a Risk Acceptance or False Positive workflow. The system maps findings to the workflow that match a user-defined filter. Users may want to use automated workflows in situations where they expect for future ingested findings to match criteria for a specific workflow. Unlike approved manual workflows, approved automated workflows can continue to accumulate additional findings. For more information, view the documentation on automated workflows.

Miscellaneous Changes

  • The “Multi-Client Weaponization Funnel” widget previously available on the Multi-Client Dashboard will be EOL with this release.
  • The Scanners list view has been converted to the v2 format.

Fixed Issues

  • An issue has been resolved that caused BURP connector jobs to stall.
  • Users with access to the appropriate system-level role should now be able to successfully map a manual finding report or manual exploit to a finding.
  • The v2 Tenable.sc connector will report the correct number of assets.
  • Findings within an approved Risk Acceptance workflow should remain closed until the expiration date.
  • For manual workflows, the Update dialogue will not allow a user to submit until the user has actually changed a field in the form.
  • Within the Blackduck connector configuration form, an appropriate error messaged will be displayed when when the user tries to search for project names by entering special characters.
  • The “Hidden” tag type has been removed from ticketing connector configuration options.
  • On the Application Findings page, users will now see suggested values for the “Location” filter.
  • When assets are moved to the Default Group after being orphaned, patch counts for the Default Group will now be updated correctly.
  • Jobs referring to “vuln compute due date” will no longer compete with other jobs for system resources. These have been observed to slow down jobs for updating asset data.

Known Issues

  • When approving a workflow, the approver should avoid clicking the red “x” to clear the automation stop date. Until the approver closes the dialogue and reopens it, the calendar will show most dates as unavailable.
  • To enable automation, a user must choose new automation stop date at least one day in the future. After the system reaches UTC midnight, users with a local browser time several hours behind may see a different minimum automation stop date in the calendar than the one shown in snackbar errors.
  • For automated workflows, the ‘Copy’ dialogue shows the name of the new workflow on the first step, leading to users seeing “Copy Copy_<Workflow Name>” in the header.
  • Users may see some overlap between error messages in the automated workflow dialogues and menu items beneath them.
  • On the new Multi-Client dashboard, the widget “Client Filter Overview” may combine similarly named clients into a single bar.