In this article you will find:
- Technical overview
- How to configure Ivanti connector
- How to deploy a patch using Ivanti via Vulcan
1. Technical overview
Supported version: Ivanti Security Controls 2019.3 - 9.4.34511
Vulcan's Ivanti connector provides the ability to deploy Windows patches via Vulcan platform.
Vulcan's Ivanti connector uses the provided credentials to access the Ivanti server, and pull relevant Machines Groups.
Once the user taking action and deploying a patch, the connector requires the user to choose a Machine Group, and based on that Vulcan will display the relevant fixes for them. All fixes are sent to Ivanti server, and it runs them by the existing scheduler or manually.
- Open inbound tcp connection to port 3121
- User needs to be a local admin on the Ivanti server (which will use the API). Note that the user should have the in the registry editor under the path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System the value name LocalAccountTokenFilterPolicy and its value data is 1 (DWORD 32-bit). If it does not exist, you will have to create it.
2. How to configure Ivanti connector
In the Connectors page, click in Add a Connector
Click on the Ivanti connector
Fill in the relevant fields:
Console URL - URL of your Ivanti server (For example: https://[URL])
Port number - Relevant port to communicate with Ivanti server
Username - Domain admin account to authenticate the Ivanti server.
Password - Password of the username to authenticate the Ivanti server
Click on Create
3. How to deploy a patch using Ivanti
NOTE: Vulcan's Ivanti connector can deploy patches only on assets that are being managed by Ivanti server and an Ivanti Security Controls agent is installed on them, and only Windows OS.
Choose the vulnerability you want to remediate using Ivanti, and click on Take
Action --> Deploy a patch. Choose the Ivanti icon.
Choose the relevant Machine Group you want to patch. The connector will query the Ivanti server at the chosen Machine Group.
Click on Initiate scan in Ivanti (NOTE: This task may take up to 1-2 minutes).
Once the process is done, you will get back the patches offered by Ivanti from the chosen Machine Groups
On Ivanti's side, this is the current state:
You can see that Vulcan's Ivanti connector offered the fix that is relevant to the vulnerability you chose to fix.
Select Deployment Template (you can read more about Deployments Templates here)
Click on Deploy fix (NOTE: This task may take up to 1-2 minutes)
You can see in the vulnerability's activity the patch was created
In Ivanti itself, you can see that the relevant patch was sent and installed.
The vulnerability itself will change its status after the next vulnerability scan will run on that host and won't find the patched vulnerability again.