Filtering Examples

Summary: Several examples of using filters in Ivanti Neurons.

Ivanti Neurons list views and dashboards offer filtering options, allowing users to narrow their analysis and focus on the most urgent, useful, or interesting results. The following examples are intended to demonstrate some of the ways in which filters can be used to quickly identify exposures and risk.

Example 1

Identify non-Windows hosts that belong to the 10.20.30.0/24 range, have been assigned host name suffix of “.SAN”, and are easily exploitable (i.e., the host has at least one open weaponized finding or an open finding related to default credentials).

Within the Manage > Hosts list view, apply the following four filters:

Filter Category	is / is not	Operator	Value
Operating System	Is not	Like	Windows
IP Address	is	CIDR	10.20.30.0/24
Host Name	is	Wildcard	*.san
Easily Exploitable	is	Exactly	True

Example 2

Seek out open, high-risk web application vulnerabilities that can lead to execution of malicious code and can be leveraged without the use of valid authentication credentials.

Within the Manage > Application Findings list view, apply the following four filters:

Filter Category	is / is not	Operator	Value
Status	is	Exactly	Open
VRR (Vulnerability Risk Rating	is	Between	7 and 10
Has Malicious Code Execution	is	Exactly	True
Authentication Required	is	Exactly	False

Example 3

Filter for open high-risk host findings that can lead to Privilege Escalation or Remote Code Execution susceptibility on high business-critical assets that belong to the Accounting or Finance groups.

Within the Manage > Host Findings list view, apply the following four filters:

Filter Category	is / is not	Operator	Value
Status	Is	Exactly	Open
VRR (Vulnerability Risk Rating)	is	Greater Than	7.5
Has Privilege Escalation or Remote Code Execution Exploits	is	Exactly	True
Asset Criticality	is	One of	4,5
Group	Is	One of	Accounting,Finance