A high-level overview of networks in Ivanti Neurons.
Two critical elements in the Ivanti Neurons platform are Networks and Groups. Networks determine an asset’s uniqueness, while Groups provide access controls to assets. There is no hierarchical relationship between networks and groups.
Networks are managed on the Organize > Networks page in Ivanti Neurons.
When uploading data to the Ivanti Neurons platform, users must designate a network partition for the upload.
Ivanti Neurons uses Networks to determine if data should be aggregated by IP address, hostname, or custom. This way, you can configure your networks in the Ivanti Neurons platform to match how you perform your network/application scans.
If your scanners are tuned to return a hostname, we recommend you upload your scans to a hostname-based network.
If your scanners are tuned to return a static IP address, we recommend you upload your scans to an IP-based network.
If your scanners are tuned to return a unique identifier (which is specific to each scanner) or if you need to customize the logic of identifying an asset, we recommend you upload your scans to a mixed network.
For example, let us say that your workstations receive hostnames, but some of the devices are wireless and receive different IP addresses each time they connect to your internal network. In that scenario, upload your workstation-environment scans into a hostname-based network. Let us also say that you have some assets outside your firewall. These devices do not communicate with DHCP but have been issued static IP addresses. In this scenario, upload vulnerability scans of those external hosts to an IP-based network partition. Keep in mind that these scans must be uploaded to the correct network consistently to avoid accidental asset duplication in the Ivanti Neurons platform.
If you have overlapping IP ranges, these can be managed by network partitioning. Assets in each network are treated as unique, even if they have the same IP address. The data will not be merged if they are uploaded to separate networks.
An everyday use case for defining and leveraging more than one network of the same aggregation type would be organizations that grow through acquisition. Suppose your environment uses the 10.5.10.x space for workstations, and you acquire a new location that leverages the same 10.5.10.x address space. In that case, we suggest creating a second IP-based network to upload the acquired office’s scan data. This allows the Ivanti Neurons platform to keep hosts with identical IP addresses as separate entities.
In some cases, the hostname or IP address may not be unique. There may be a chance where the asset identification will be based on the scanner’s unique identifier or any field like EC2 identifier, MAC Address, NETBIOS, etc. The asset uniqueness can be varied for each scanner and customer preference. In this scenario, we prefer uploading scans to a mixed network. Please contact Ivanti Neurons support for more details on this network.