Version 12.00.00 Release Notes

A high-level overview of the changes/updates included in Ivanti Neurons Version 12.00.00, released on April 22, 2022.

The Ivanti Neurons platform version 12.00.00 update includes the following features and enhancements: 

For assistance with using our new features, receiving feature documentation, and/or scheduling training, please contact your Customer Success account manager directly.

New Features

Notifications

This feature sends notifications about specific events such as the ingestion of new ransomware findings, a failed connector run, or an update to a System filter. Users can configure notifications to specific delivery channels, including email, Slack, or Microsoft Teams. They can also choose to receive notifications per event or receive daily, weekly, or monthly rollups. This release focuses on notifications for the following:

  • Ingestion of new high-risk host findings or updates to VRR or Severity scores of host findings
  • Integration status
  • Changes to a group’s Ivanti RS³ score
  • Publication of new ransomware-associated vulnerabilities
  • Publication of new vulnerabilities associated with a specific vendor

For more information, visit the overview on notifications.

User Widgets

You asked for it; we listened! Users can now create custom table-based widgets from list views based on their current columns, sort, applied Group By, and applied filters. Then they can add the new widget to a custom dashboard and make it available to other users on the same client. For more information, visit the User widget overview and User widget FAQ.

Ivanti RS³ Update

The newest update of RS³ brings improvements to the Vulnerability Risk Rating (VRR) algorithm. Some highlights of this update include

  • The same Vulnerability Risk Rating (VRR) algorithm now applies to both host findings and application findings. In the absence of a threat, the platform will consider the top 40 CWEs and OWASP Top 10 in scoring either a host finding or an application finding.
  • The platform can draw on additional threat intelligence sources, including Ivanti-authored threats on plugins.
  • Once the base score (the score without threat intelligence) of a finding has been identified, the score can only be decreased by one VRR Group (e.g., Critical to a High).

For more information on the new VRR, please visit:

RiskSense Rebranding to Ivanti Neurons

The Ivanti Neurons color scheme and logos now show on the login screens and the navigation bar. RiskSense logos and references will still be visible in some parts of the platform. For more information, visit the article on branding updates.

Deep Linking

Users can now generate URLs with the “Copy Link” option that leads back to specific list views and dashboards. The links generated work for up to 90 days and capture applied filters on list views. For more information, visit the article on deep links.

List View Enhancements

List View Settings Enhancements

List views that support User widgets now allow you to change your list view settings temporarily. When you refresh the browser or log back in, the list views will revert to your last saved settings. The list views will alert you if you have made unsaved changes. You can save new personal default settings through the Settings menu or by selecting the new option “Save Current Settings” under the settings gear. For more information, visit the article on saving list view settings.

Updated Ivanti RS³ Infographics

The Ivanti RS³ infographic, which can be invoked as a popup on dashboards and list views, has been updated to show key information about RS³.

Standardization of System Filter Names

System filters based on a curated list of vulnerabilities now have the same titles on the Host, Host Findings, Applications, and Application Findings pages.

New and Updated System Filters

The following system filters have been added to or updated on the Host, Host Findings, Applications, and Application Findings pages as well as the Vulnerabilities page of the Vulnerability KB:

  • “Patch Tuesday 4-12-2022”
  • “CVE-2022-22963”
  • “CVE-2022-22947”
  • ”Spring4Shell”
  • “CISA Known Exploited”

Application Weakness Fields in Exports

Users can now export the CWEs and OWASP categories associated with host findings and application findings. Users can also export the WASC IDs on the Application Findings page.

Weakness Information in the Finding Detail

The Finding Detail panes on the Host Findings and Application Findings pages now both have a distinct “Weaknesses” section for CWEs and OWASP Top 10 mapped to the finding.

Exportable Tag IDs

Tags on assets and findings can now be exported from the Host, Host Findings, Application Findings, Applications, and Patches page. The Tags page export now includes the IDs, as well.

Host CWE Filters

As the platform can now score host findings based on the CWE Top 40 and OWASP Top 10, the following filters have been added to the Host page:

  • “CWE”
  • “Has CWE” (also added to the Applications page)
  • “CWE Top 25 Year”
  • “Has CWE Top 25”
  • “Open CWEs”
  • “Has OWASP Top 10”
  • “Has Open OWASP Top 10”
  • “OWASP Top 10”
  • “Open OWASP Top 10”

Host Finding CWE Filters

As the platform can now score host findings based on the CWE Top 40 and OWASP Top 10, the following filters have been added to the Host Findings page:

  • “CWE”
  • “CWE Name”
  • “CWE Top 25”
  • “Has CWE”
  • “Has CWE Top 25”
  • “Has OWASP Top 10”
  • “OWASP Top 10”
  • ”OWASP Top 10 Year”

Integrations

Qualys WAS Configurable Ingestion

The Qualys WAS connector now allows users to specify which findings the connector should ingest. One or more of these options can be selected: Vulnerability (Potential, Confirmed, or both), Sensitive Content, and Information Gathered.

New Prisma Cloud Integration

The platform now integrates with Palo Alto Prisma Cloud Security. The Prisma Cloud connector can ingest both hosts and container images and supports both Vulnerability and Compliance findings. For more information, visit the Prisma Cloud Compute Connector Guide.

First Discovered On and Last Discovered On Mappings for AWS Inspector

The AWS Inspector fields createdAt and updatedAt will now be mapped to the fields First Discovered On and Last Discovered On, respectively.

Dashboards

Updated OWASP Widgets

The widgets “OWASP Distribution” and “Open Application Findings with Top Software Weaknesses” now refer to the 2021 OWASP Top 10.

RS³ Rebranding

Widgets that show the current RS³ or the history of RS³ (and are not tagged as EOL) now use the term Ivanti RS³ in titles, descriptions, and previews. Similar updates have been made to the Multi-Client dashboard.

Reporting

Updated RS³ Appendix

The appendices to the Executive Risk and Asset Risk reports have been updated to convey the new VRR algorithm.

OWASP 2021 Update

The Executive Vulnerability report has been updated to use the 2021 OWASP Top 10 categories in the section on web applications.

Miscellaneous Changes

CVSS Incorporated into Application Finding Severity

If an application finding has been mapped to one or more CVEs, their CVSS scores will now be considered in calculating the finding’s Severity score. This update enforces that the calculation algorithm for application findings matches the calculation algorithm for host findings.

CWEs Mapped to CVEs

In the Vulnerability KB, a CWE mapped to a CVE will show under “Quick Info” on the CVE detail view.

Fixed Issues

  • The Generic Uploader can now handle very large CSV files.
  • A user can edit an AWS Inspector connector configuration without seeing an error.
  • On the “Select Assessment” step of a manual upload, closing the “Create Assessment” dialogue no longer duplicates the currently selected assessment.

Known Issues

  • The Copy Link option has not been disabled in the Group By view. Currently, links created on list views can include applied filters but not an applied Group By. Any link created on a Group By view will take a user back to the main list view.
  • The user can copy a link to an unsaved dashboard by clicking the option “Configure” from the top Navigation menu or exiting Edit mode while creating a new dashboard. Links to unsaved dashboards never load, showing the standard spinning animation.
  • For a deep link to capture the applied filters of a dashboard, the filters must be saved as part of the dashboard first. Unlike list views, the currently applied filters cannot be reproduced with the deep link.
  • If a user is trying to share a dashboard while they are saving it, the dashboard (and any widgets on it) may be shown as private after the dashboard is saved.
  • The system default columns for the Patches page are not bolded in the Patches list view Settings dialogue.
  • The Tag Detail pane was intended to show the ID of the tag. This information will be added in another release.
  • Report preview files have not yet been updated to match the latest versions of the reports.
  • In the Host export and the asset section of the Host Findings export, the field name “AssetTag Ids” is shown. This should instead be “Tag Ids” on the Host export and “Asset Tag Ids” in the Host Finding export.