Pre-requisites for testing Ivanti patching workflow
Since this is a dedicated article for testing purposes, the first step of the test will be to choose in advanced the patches we are about to test:
Enter the Ivanti test environment and select the available items to patch as part of the test.
Take the mentioned CVE on the item to match to the vulnerability in Vulcan later.
How to deploy a patch using Ivanti
Go to the Vulnerability page-->Search the item you want to patch by CVE:
Choose the vulnerability you want to remediate using Ivanti, in the vulnerability page, click on Take Action --> Deploy a patch and Choose the Ivanti icon.
On the deploy patch section, choose the relevant Machine Group you want to patch. The connector will query the Ivanti server at the chosen Machine Group.
Click on Initiate scan in Ivanti (NOTE: This task may take up to 1-2 minutes).
Once the process is done, you will get back the patches offered by Ivanti from the selected Machine Groups
You can see that Vulcan's Ivanti connector offered the fix that is relevant to the vulnerability you chose to fix.
Select Deployment Template (you can read more about Deployments Templates here)
Click on Deploy fix (NOTE: This task may take up to 1-2 minutes)
You can see in the vulnerability's activity the patch was created.
How to verify the remediation workflow via Rapid7
To complete the workflow, you will have to make sure the Ivanti assets are scanned and found as "Fixed".
To do so:
Make sure the Ivanti assets are scanned by the used scanner (Rapid7/ Qualys/ Other).
Initiate/wait for the daily Vulcan data ingestion from the used scanner (connector). You can operate by the Connectors page.
After the ingestion is completed, search for the vulnerability under the "All" vulnerability section and see it under a "fixed" state.