Ivanti Security Controls

v1.3.0

Ivanti Security Controls is a unified IT management platform used for managing and protecting through Patch Management, Application Control, and Asset Inventory functionality

Tags: TEM, endpoint, patch


Actions
  • Create Patch Group
  • Create Patch Scan Template
  • Get Agent
  • Get Agents
  • Get Agent Status
  • Get Patch Deployment
  • Get Patch Details
  • Get Patch Scan Status
  • Get Scanned Machine Details
  • Search Patches
  • Start a Patch Scan

Description

Ivanti Security Controls is a unified IT management platform used for managing and protecting through Patch Management, Application Control, and Asset Inventory functionality.

Key Features

  • Ability to retrieve Ivanti Security Controls known agents
  • Ability to check agent status

Requirements

  • Ivanti Security Controls 2019.3 (Build: 9.4.34544) or later
  • Ivanti Security Controls host and API port (default: 3121)
  • Username and password of Windows account where Ivanti Security Controls is installed
  • (Recommended) Ivanti Security Controls certificate in order to enforce certificate verification

Documentation

Setup

The connection configuration accepts the following parameters:

| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| credentials | credential_username_password | None | True | Username and password | None | {"username":"user1", "password":"mypassword"} |
| host | string | None | True | Enter the hostname | None | example.com |
| port | integer | 3121 | True | Enter the port | None | 3121 |
| ssl_verify | boolean | True | True | Validate certificate | None | True |

Example input:

{
  "credentials": {
    "username": "user1",
    "password": "mypassword"
  },
  "host": "example.com",
  "port": 3121,
  "ssl_verify": true
}

Technical Details

Actions

Create Patch Group

This action is used to create a new patch group with CVEs.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| cves | []string | None | True | The CVEs that should be included in the new patch group | None | ["cve-2019-0701", "CVE-2019-0708"] |
| name | string | None | True | The name of the new patch group | None | New Patch Group |
| path | string | None | False | The path that describes the location of the patch group within the Patch Templates and Groups list in the navigation pane | None | Lab\Servers |

Example input:

{
  "cves": [
    "cve-2019-0701",
    "CVE-2019-0708"
  ],
  "name": "New Patch Group",
  "path": "Lab\\Servers"
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| patch_group | patch_group | True | Detailed information about the patch group |

Example output:

{
  "patch_group": {
    "id": 10,
    "links": {
      "self": {
        "href": "https://example.com:3121/st/console/api/v1.0/patch/groups/10"
      },
      "patches": {
        "href": "https://example.com:3121/st/console/api/v1.0/patch/groups/10/patches"
      },
      "usedby": {
        "href": "https://example.com:3121/st/console/api/v1.0/patch/groups/10/usedby"
      }
    },
    "name": "example-patch-group"
  }
}

Create Patch Scan Template

This action is used to create a new patch scan template.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| description | string | None | False | Description that explains the purpose of this patch scan template | None | Patch Scan Template created from InsightConnect |
| name | string | None | True | Name of the patch scan template | None | ExamplePatchScanTemplate |
| patchGroupIds | []integer | None | True | The IDs of the patch groups to use | None | [1] |
| path | string | None | False | Path to the location of the machine group within the Patch Scan Templates list in the navigation pane | None | Lab\Servers |
| threadCount | integer | None | False | Specifies maximum number of machines that can be simultaneously scanned during one patch scan | None | 1 |

Example input:

{
  "description": "Patch Scan Template created from InsightConnect",
  "name": "ExamplePatchScanTemplate",
  "patchGroupIds": [1],
  "path": "Lab\\Servers",
  "threadCount": 1
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| patch_scan_template | patch_scan_template | True | Detailed information about the patch scan template |

Example output:

{
    "patch_scan_template": {
        "creator": "IVANTI-W16\\Administrator",
        "description": "Example Patch Scan Templete Description",
        "id": "4374292d-3465-4d77-b752-c4eccd91bba5",
        "isSystem": false,
        "links": {
            "self": {
                "href": "https://example.com:3121/st/console/api/v1.0/patch/scanTemplates/4374292d-3465-4d77-b752-c4eccd91bba5"
            },
            "usedby": {
                "href": "https://example.com:3121/st/console/api/v1.0/patch/scanTemplates/4374292d-3465-4d77-b752-c4eccd91bba5/usedby"
            }
        },
        "name": "example-patch-scan-template",
        "patchFilter": {
            "patchGroupFilterType": "Scan",
            "patchGroupIds": [
                2,
                3
            ],
            "patchPropertyFilter": {
                "customActions": false,
                "nonSecurityPatchSeverities": "None",
                "securityPatchSeverities": "None",
                "securityTools": false
            },
            "scanFor": "NecessaryExplicitlyInstalled",
            "softwareDistribution": false,
            "vendorFamilyProductFilter": {}
        }
    }
}

Get Patch Deployment

This action is used to retrieve information about a specific patch deployment.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| deployment_id | string | None | True | Patch deployment ID | None | 5dbcb89f-eec3-4182-a9aa-1e6074fb0acb |
| machine_id | integer | None | False | ID of a machine involved with a specific patch deployment | None | 7 |

Example input:

{
  "deployment_id": "5dbcb89f-eec3-4182-a9aa-1e6074fb0acb",
  "machine_id": 7
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| machine_information | machine_deploy_state | True | Information about a machine involved with the patch deployment |
| patch_deployment_details | patch_deployment | True | Detailed information about a specific deployment |

Example output:

{
  "patch_deployment_details": {
    "completedMachineCount": 1,
    "creator": "IVANTI-W16\\Administrator",
    "expectedMachineCount": 1,
    "id": "282cbbf9-276d-4d36-a96d-6e55c8a7271e",
    "isComplete": true,
    "lastUpdatedOn": "2020-05-08T13:38:37.987Z",
    "links": {
      "self": {
        "href": "https://example.com:3121/st/console/api/v1.0/patch/deployments/282cbbf9-276d-4d36-a96d-6e55c8a7271e"
      },
      "machines": {
        "href": "https://example.com:3121/st/console/api/v1.0/patch/deployments/282cbbf9-276d-4d36-a96d-6e55c8a7271e/machines"
      },
      "template": {
        "href": "https://example.com:3121/st/console/api/v1.0/patch/deploytemplates/7b5bc7e4-7437-47ac-ae2e-569ffdb0ccf8"
      }
    },
    "name": "Standard",
    "startedOn": "2020-05-08T13:33:39.077Z"
  },
  "machine_information": [
    {
      "address": "10.4.27.111",
      "completedPatches": 1,
      "domain": "WORKGROUP",
      "id": 36,
      "lastUpdated": "2020-05-08T13:38:37.987Z",
      "links": {
        "self": {
          "href": "https://example.com:3121/st/console/api/v1.0/patch/deployments/282cbbf9-276d-4d36-a96d-6e55c8a7271e/machines/36"
        }
      },
      "name": "splunk-724-w12",
      "overallState": "Complete",
      "patchStates": [
        {
          "bulletinId": "MS20-02-AFP-4537759",
          "finishedOn": "2020-05-08T13:34:54.6",
          "hasExecuted": true,
          "kb": "Q4537759",
          "lastUpdated": "2020-05-08T13:34:54.6",
          "nativeCode": 0,
          "overallState": "Complete",
          "overallStateDescription": "Complete",
          "patchId": "00030eb2-0000-0000-0000-000000000000",
          "scheduledOn": "2020-05-08T06:33:40.47",
          "startedOn": "2020-05-08T13:34:42.463",
          "status": "VerifiedFixed",
          "statusDescription": "Successfully installed"
        }
      ],
      "statusDescription": "Finished"
    }
  ]
}

Get Patch Details

This action is used to retrieve information about a patch from Ivanti Security Controls.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| id | integer | None | True | The vulnerability ID | None | 4693 |

Example input:

{
  "id": 4693
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| patch | vulnerability | True | Detailed information about a patch |

Example output:

{
  "patch": {
    "bulletinId": "MS15-022",
    "cve": [
      "CVE-2015-0085",
      "CVE-2015-0097"
    ],
    "id": 5033,
    "isSupported": true,
    "kb": "Q2920812",
    "links": {
      "self": {
        "href": "https://example.com:3121/st/console/api/v1.0/patches/5033"
      }
    },
    "patchIds": [
      "0000df6d-0000-0000-0000-000000000000",
      "0000dfb5-0000-0000-0000-000000000000",
      "0000dfd4-0000-0000-0000-000000000000"
    ],
    "patchType": "SecurityPatch",
    "releaseDate": "2015-03-10T00:00:00",
    "replacedBy": []
  }
}

Search Patches

This action is used to find and display detailed information about patches.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| security_id | []string | None | True | Security Vulnerability ID | None | ["MS99-031", "Q240346", "CVE-2015-4485", "4693"] |

Example input:

{
  "security_id": [
    "MS99-031",
    "Q240346",
    "CVE-2015-4485",
    "4693"
  ]
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| vulnerabilities | []vulnerability | True | Details about the matching patches |

Example output:

{
  "vulnerabilities": [
    {
      "bulletinId": "MS15-022",
      "cve": [
        "CVE-2015-0085",
        "CVE-2015-0097"
      ],
      "id": 5033,
      "isSupported": true,
      "kb": "Q2920812",
      "links": {
        "self": {
          "href": "https://example.com:3121/st/console/api/v1.0/patches/5033"
        }
      },
      "patchIds": [
        "0000df6d-0000-0000-0000-000000000000",
        "0000dfb5-0000-0000-0000-000000000000",
        "0000dfd4-0000-0000-0000-000000000000"
      ],
      "patchType": "SecurityPatch",
      "releaseDate": "2015-03-10T00:00:00",
      "replacedBy": []
    }
  ]
}

Start a Patch Scan

This action is used to start a patch scan.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| credential_id | string | None | False | Credential ID | None | 01234567-89AB-CDEF-0123-456789ABCDEF |
| diagnostic_trace_enabled | boolean | None | False | An indication whether diagnostics tracing should be enabled during scan | None | False |
| hostnames | []string | None | False | Hostnames - Either hostnames or machine group IDs must be specified | None | ["hostname-1"] |
| machine_group_ids | []string | None | False | List of machine groups to scan. Either hostnames or machine group IDs must be specified | None | ["1", "2"] |
| max_poll_time | integer | 300 | True | Max poll time | None | 300 |
| name | string | None | False | Name to be given to scan | None | test-scan |
| run_as_credential_id | string | None | False | Reference to a credential to use to start a scan. Overwrites RunAsDefault behavior | None | 01234567-89AB-CDEF-0123-456789ABCDEF |
| template_id | string | None | True | Patch scan template ID | None | 01234567-89AB-CDEF-0123-456789ABCDEF |
| use_machine_credential | boolean | None | False | An indication whether to use machine credentials. If No is specified, then either group-level credentials, default credentials or integrated Windows authentication credentials (in that order) will be used. This parameter is only used if an endpoint name is specified | None | False |

Example input:

{
  "credential_id": "01234567-89AB-CDEF-0123-456789ABCDEF",
  "diagnostic_trace_enabled": false,
  "hostnames": ["hostname-1"],
  "machine_group_ids": [
    "1",
    "2"
  ],
  "max_poll_time": 300,
  "name": "test-scan",
  "run_as_credential_id": "01234567-89AB-CDEF-0123-456789ABCDEF",
  "template_id": "01234567-89AB-CDEF-0123-456789ABCDEF",
  "use_machine_credential": false
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| scan_details | scan_details | True | Scan details |

Example output:

{
  "scan_details": {
    "links": {
      "self": {
        "href": "https://localhost:3121/st/con..."
      }
    },
    "name": "",
    "scanType": "Patch",
    "startedOn": "2020-05-13T14:42:33.0044884Z",
    "updatedOn": "2020-05-13T14:42:33.0044884Z",
    "user": "NT AUTHORITY\\SYSTEM",
    "id": "01234567-89AB-CDEF-0123-456789ABCDEF",
    "isComplete": false
  }
}
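
A pre-flight check for the Start a Patch Scan input, derived from the input table above; this is an added example, not code from the plugin. The function name, the messages and the GUID shape assumed for the ID fields are this example's own, and the sample inputs are constructed.

```python
import re

# GUID shape taken from the example IDs on this page; treating every ID field
# as a GUID is an assumption of this example.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
ID_FIELDS = ("template_id", "credential_id", "run_as_credential_id")
TARGET_FIELDS = ("hostnames", "machine_group_ids")
BOOL_FIELDS = ("diagnostic_trace_enabled", "use_machine_credential")


def _is_string_list(value):
    """True only for a list whose items are all non-empty strings."""
    return isinstance(value, list) and all(
        isinstance(item, str) and item.strip() for item in value
    )


def validate_start_patch_scan(params):
    """Return a list of problems found in a Start a Patch Scan input dict."""
    problems = []

    # template_id is marked Required in the input table.
    if not params.get("template_id"):
        problems.append("template_id is required")
    for field in ID_FIELDS:
        value = params.get(field)
        if value in (None, ""):
            continue
        if not (isinstance(value, str) and GUID_RE.match(value)):
            problems.append(f"{field} is not a GUID")

    # max_poll_time is required and defaults to 300.
    poll = params.get("max_poll_time", 300)
    if isinstance(poll, bool) or not isinstance(poll, int) or poll <= 0:
        problems.append("max_poll_time must be a positive integer")

    # Both target fields are typed []string; at least one must name a target.
    targets = 0
    for field in TARGET_FIELDS:
        value = params.get(field)
        if value is None:
            continue
        if not _is_string_list(value):
            problems.append(f"{field} must be a list of non-empty strings")
        if value:
            targets += 1
    if targets == 0:
        problems.append("either hostnames or machine_group_ids must be specified")

    for field in BOOL_FIELDS:
        if field in params and not isinstance(params[field], bool):
            problems.append(f"{field} must be a boolean")
    # The table says this flag is only used when an endpoint name is given.
    if params.get("use_machine_credential") is True and not params.get("hostnames"):
        problems.append("use_machine_credential has no effect without hostnames")
    return problems


# Constructed sample inputs.
GUID = "01234567-89AB-CDEF-0123-456789ABCDEF"
VALID_INPUT = {"template_id": GUID, "hostnames": ["hostname-1"],
               "max_poll_time": 300, "use_machine_credential": False}
SCALAR_HOSTNAMES = {"template_id": GUID, "hostnames": "hostname-1",
                    "machine_group_ids": ["1", "2"], "max_poll_time": 300}
NO_TARGET = {"template_id": "not-a-guid", "max_poll_time": 0,
             "use_machine_credential": True}

if __name__ == "__main__":
    for sample in (VALID_INPUT, SCALAR_HOSTNAMES, NO_TARGET):
        print(validate_start_patch_scan(sample))
```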

Get Scanned Machine Details

This action is used to get scanned machine details.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| hostname | string | None | True | Hostname | None | hostname-1 |
| scan_id | string | None | True | Scan ID | None | 01234567-89AB-CDEF-0123-456789ABCDEF |

Example input:

{
  "hostname": "hostname-1",
  "scan_id": "01234567-89AB-CDEF-0123-456789ABCDEF"
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| detected_patches | []detected_patch | True | Detected patches |
| patch_scan_machine | patch_scan_machine | True | Patch scan machine |

Example output:

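{
  "detected_patches": [
    {
      "bulletinId": "MSNS18-05-4132216",
      "cultureName": "en-US",
      "kb": "Q4132216",
      "links": {
        "download": {
          "href": "https://localhost:3121/st/console/api/v1.0/patch/downloads/0001e03b-0000-0000-0000-000000000000?culture=en-US"
        }
      },
      "patchId": "0001e03b-0000-0000-0000-000000000000",
      "patchType": "SecurityPatch",
      "productId": "00003f1f-0000-0000-0000-000000000000",
      "productName": "Windows Server 2016 Standard",
      "scanItemId": 1100,
      "scanState": "FoundPatch",
      "servicePackName": "1607",
      "vendorSeverity": "Critical"
    },
    {
      "bulletinId": "MS18-11-SSU-4465659",
      "cultureName": "en-US",
      "kb": "Q4465659",
      "links": {
        "download": {
          "href": "https://localhost.com:3121/st/console/api/v1.0/patch/downloads/0001f77f-0000-0000-0000-000000000000?culture=en-US"
        }
      },
      "patchId": "0001f77f-0000-0000-0000-000000000000",
      "patchType": "SecurityPatch",
      "productId": "00003f1f-0000-0000-0000-000000000000",
      "productName": "Windows Server 2016 Standard",
      "scanItemId": 1101,
      "scanState": "FoundPatch",
      "servicePackName": "1607",
      "vendorSeverity": "Critical"
    }
  ],
  "patch_scan_machine": {
    "completedOn": "2020-05-12T21:53:57.71Z",
    "domain": "WORKGROUP",
    "errorNumber": 0,
    "id": 72,
    "installedPatchCount": 16,
    "links": {
      "patches": {
        "href": "https://localhost:3121/st/console/api/v1.0/patch/scans/f447bd51-de32-4bd6-a28e-ad834694d5ac/machines/72/patches"
      }
    },
    "missingPatchCount": 3,
    "missingServicePackCount": 1,
    "name": "hostname-1"
  }
}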

Get Patch Scan Status

This action is used to get patch scan status.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| scan_id | string | None | True | Scan ID | None | 01234567-89AB-CDEF-0123-456789ABCDEF |

Example input:

{
  "scan_id": "01234567-89AB-CDEF-0123-456789ABCDEF"
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| patch_scan_status_details | patch_scan_status_details | True | Patch scan status details |

Example output:

{
  "patch_scan_status_details": {
    "consoleName": "hostname-1",
    "definitionDate": "2020-05-07T22:31:23.48",
    "expectedResultTotal": 1,
    "id": "f447bd51-de32-4bd6-a28e-ad834694d5ac",
    "isComplete": true,
    "links": {
      "machines": {
        "href": "https://localhost:3121/st/con..."
      },
      "self": {
        "href": "https://localhost:3121/st/con..."
      },
      "template": {
        "href": "https://localhost:3121/st/con..."
      }
    },
    "name": "API - ivanti-w16",
    "receivedResultCount": 1,
    "scanType": "Patch",
    "startedOn": "2020-05-12T21:53:55.28Z",
    "definitionVersion": "2.0.3.275",
    "updatedOn": "2020-05-12T21:53:57.78Z",
    "user": "WORKGROUP\\IVANTI-W16$"
  }
}

Get Agents

This action is used to retrieve agents from Ivanti Security Controls.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| agent_configuration_filter | string | All | False | Filters agents based on listening configuration | ['Listening', 'Not Listening', 'All'] | All |
| name_filter | string | None | False | Filters agents where host or DNS name equals this value | None | hostname-1 |

Example input:

{
  "agent_configuration_filter": "All",
  "name_filter": "hostname-1"
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| agents | []agent_detail | False | List of agent details |
| count | integer | False | Number of agents returned |

Example output:

{
  "agents": [
    {
      "agentId": "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD",
      "assignedPolicyId": "6b98cab4-1da7-4a4a-827b-bfd303e4c813",
      "domain": "WORKGROUP",
      "frameworkVersion": "9.4.34534.0",
      "isListening": false,
      "lastCheckIn": "2020-04-28T19:02:20.473",
      "links": {
        "checkin": {
          "href": "https://localhost:3121/st/console/api/v1.0/agenttasks/ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD/checkin"
        },
        "queuedTasks": {
          "href": "https://localhost:3121/st/console/api/v1.0/agenttasks/ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD/queuedTask"
        },
        "self": {
          "href": "https://localhost:3121/st/console/api/v1.0/agents/ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD"
        },
        "status": {
          "href": "https://localhost:3121/st/console/api/v1.0/agents/ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD/status"
        },
        "tasks": {
          "href": "https://localhost:3121/st/console/api/v1.0/agenttasks/ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD/tasks"
        }
      },
      "machineName": "hostname-1",
      "reportedPolicyId": "6b98cab4-1da7-4a4a-827b-bfd303e4c813",
      "status": "Installed"
    }
  ],
  "count": 1
}

Get Agent Status

This action is used to retrieve agent status from Ivanti Security Controls.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| id | string | None | True | Agent Identifier | None | ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD |

Example input:

{
  "id": "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD"
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| agent_status | agent_status | True | Agent status with details |

Example output:

{
  "agent_status": {
    "agentId": "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD",
    "frameworkVersion": {
      "build": 34534,
      "major": 9,
      "majorRevision": 0,
      "minor": 4,
      "minorRevision": 0,
      "revision": 0
    },
    "installedPackages": [
      "AGENTASSET64"
    ],
    "lastCheckIn": "2020-04-28T15:05:48.1909093Z",
    "links": {
      "self": {
        "href": "https://localhost:3121/st/console/api/v1.0/agents/ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD"
      }
    },
    "machineName": "iase-win10",
    "reportedOn": "2020-04-28T19:28:19.5756267Z",
    "runningPolicyId": "916f3bae-1667-4354-8203-234309e31e00",
    "runningPolicyVersion": 18005
  }
}

Get Agent

This action is used to retrieve an agent from Ivanti Security Controls.

Input
| Name | Type | Default | Required | Description | Enum | Example |
| --- | --- | --- | --- | --- | --- | --- |
| id | string | None | True | Agent Identifier | None | ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD |

Example input:

{
  "id": "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD"
}

Output
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| agent | agent_detail | True | Details about an agent |

Example output:

{
  "agent": {
    "agentId": "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD",
    "assignedPolicyId": "6b98cab4-1da7-4a4a-827b-bfd303e4c813",
    "domain": "WORKGROUP",
    "frameworkVersion": "9.4.34534.0",
    "isListening": false,
    "lastCheckIn": "2020-04-28T19:02:20.473",
    "links": {
      "checkin": {
        "href": "https://localhost:3121/st/console/api/v1.0/agenttasks/ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD/checkin"
      },
      "queuedTasks": {
        "href": "https://localhost:3121/st/console/api/v1.0/agenttasks/ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD/queuedTask"
      },
      "self": {
        "href": "https://localhost:3121/st/console/api/v1.0/agents/ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD"
      },
      "status": {
        "href": "https://localhost:3121/st/console/api/v1.0/agents/ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD/status"
      },
      "tasks": {
        "href": "https://localhost:3121/st/console/api/v1.0/agenttasks/ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD/tasks"
      }
    },
    "machineName": "splunk-724-w12",
    "reportedPolicyId": "6b98cab4-1da7-4a4a-827b-bfd303e4c813",
    "status": "Installed"
  }
}

Triggers

This plugin does not contain any triggers.

Custom Output Types

agent_detail

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| Agent ID | string | True | The agent ID |
| Assigned Policy ID | string | False | The unique identifier of the policy that is in effect for this agent |
| DNS Name | string | False | The DNS name of the agent machine |
| Domain | string | False | The domain of the agent machine |
| Framework Version | string | False | The installed agent framework version |
| Is Listening | boolean | False | Specifies if the agent is a listening agent |
| Last Check-In | string | False | The date and time of the most recent check-in |
| Last Known IP Address | string | False | The last known IP address of the agent machine |
| Agent Links | object | False | Shows the related URLs for the agent |
| Listening Port | integer | False | The listening port number |
| Machine Name | string | False | The agent machine's host name |
| Reported Policy ID | string | False | The agent policy ID |
| Status | string | True | The current status of the agent |

agent_status

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| Agent ID | string | True | The agent ID |
| Framework Version | object | False | The installed agent framework version |
| Installed Packages | []string | False | The list of engines installed on the agent machine |
| Last Check-In | string | False | The date and time of the most recent check-in |
| Agent Links | object | False | Shows the related URLs for the agent |
| Machine Name | string | False | The agent machine's host name |
| Reported On | string | False | The time the information was gathered from the agent machine |
| Running Policy ID | string | False | The agent's running policy ID |
| Running Policy Version | integer | False | The agent's policy ID |

detected_patch

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| Bulletin ID | string | True | Bulletin ID |
| Culture Name | string | True | Culture Name |
| KB | string | True | KB issued by the vendor of the patch |
| Links | object | False | Shows the related URLs |
| Patch ID | string | True | Patch ID |
| Patch Type | string | True | Patch Type |
| Product ID | string | True | Product ID |
| Product Name | string | True | Product name |
| Scan Item ID | integer | True | Scan ID of the patch summary |
| Scan State | string | True | The state of the patch installation |
| Service Pack Name | string | True | The name of the service pack to which the patch applies |
| Vendor Severity | string | True | The vendor-defined severity of the security risk or issue that this patch corrects. |

patch_scan_machine

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| Completed On | string | False | The date and time that the machine assessment was completed |
| Domain | string | False | The domain short-name of the assessed machine |
| Error Description | string | False | Description of the patch scan or resolution error |
| Error Number | integer | False | An error code representing a resolution or assessment failure |
| ID | integer | False | The unique identifier of the machine patch assessment |
| Installed Patch Count | integer | False | The total number of installed patches found in the assessment |
| Links | object | False | Shows the related URLs |
| Missing Patch Count | integer | False | The total number of missing patches detected in the assessment |
| Missing Service Pack Count | integer | False | The total number of missing service packs detected in the assessment |
| Host Name | string | False | The resolved short-name or host name of the machine |
| Virtual Machine Path | string | False | The virtual machine path if this is a hosted VM |
| Virtual Server | string | False | The virtual machine server name if this is a hosted VM |

patch_scan_status_details

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| Console Name | string | True | Console Name |
| Definition Date | string | False | Definition Date |
| Definition Version | string | False | Definition version |
| Expected Result Total | integer | True | Expected result total count |
| Scan ID | string | True | Scan ID |
| Is Complete | boolean | True | Is Complete |
| Links | object | True | Scan links |
| Scan Name | string | True | Scan name |
| Received Result Count | integer | True | Received result count |
| Scan Type | string | True | Scan Type |
| Scan Start Time | string | True | Scan start time |
| Update Time | string | True | Update Time |
| Username | string | True | Username |

scan_details

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| Scan ID | string | True | Scan ID |
| Is Complete | boolean | True | Is complete |
| Scan Links | object | True | Scan links |
| Scan Name | string | False | Scan name |
| Scan Type | string | True | Scan Type |
| Scan Start Time | string | True | Scan start time |
| Update Time | string | True | Update Time |
| Username | string | True | Username |

Troubleshooting

This plugin does not contain any troubleshooting information.

Version History

  • 1.3.0 - New actions Create Patch Group and Add CVEs, Create Patch Scan Template
  • 1.2.1 - Added session credentials and changed polling method for Start Patch Scan
  • 1.2.0 - New actions Get Patch Deployment, Get Patch Details and Search Patches
  • 1.1.0 - Add actions Start Patch Scan, Get Patch Scan Status and Get Scanned Machine Details
  • 1.0.1 - Fix issue where Get Agents action does not include filters during paging
  • 1.0.0 - Initial plugin

Links

References

plugin_spec_version: v2
extension: plugin
products: [insightconnect]
name: ivanti_security_controls
title: Ivanti Security Controls
description: Ivanti Security Controls is a unified IT management platform used for managing and protecting through Patch Management, Application Control, and Asset Inventory functionality
version: 1.3.0
vendor: rapid7
support: rapid7
status: []
tags: [TEM, endpoint, patch]
hub_tags:
  use_cases: [application_management, threat_detection_and_response, asset_inventory, remediation_management]
  keywords: [TEM, endpoint, patch]
  features: []
resources:
  source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/ivanti_security_controls
  license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE
  vendor_url: https://www.ivanti.com/
enable_cache: false

connection:
  host:
    title: Host
    description: Enter the hostname
    type: string
    required: true
    example: example.com
  port:
    title: Port
    description: Enter the port
    type: integer
    default: 3121
    required: true
    example: 3121
  credentials:
    title: Credentials
    description: Username and password
    type: credential_username_password
    required: true
    example: '{"username":"user1", "password":"mypassword"}'
  ssl_verify:
    title: SSL Verify
    description: Validate certificate
    type: boolean
    default: true
    required: true
    example: true

types:
  agent_detail:
    agentId:
      title: Agent ID
      description: The agent ID
      type: string
      required: true
    assignedPolicyId:
      title: Assigned Policy ID
      description: The unique identifier of the policy that is in effect for this agent
      type: string
      required: false
    dnsName:
      title: DNS Name
      description: The DNS name of the agent machine
      type: string
      required: false
    domain:
      title: Domain
      description: The domain of the agent machine
      type: string
      required: false
    frameworkVersion:
      title: Framework Version
      description: The installed agent framework version
      type: string
      required: false
    isListening:
      title: Is Listening
      description: Specifies if the agent is a listening agent
      type: boolean
      required: false
    lastCheckIn:
      title: Last Check-In
      description: The date and time of the most recent check-in
      type: string
      required: false
    lastKnownIPAddress:
      title: Last Known IP Address
      description: The last known IP address of the agent machine
      type: string
      required: false
    listeningPort:
      title: Listening Port
      description: The listening port number
      type: integer
      required: false
    machineName:
      title: Machine Name
      description: The agent machine's host name
      type: string
      required: false
    reportedPolicyId:
      title: Reported Policy ID
      description: The agent policy ID
      type: string
      required: false
    status:
      title: Status
      description: The current status of the agent
      type: string
      required: true
    links:
      title: Agent Links
      description: Shows the related URLs for the agent
      type: object
      required: false
  agent_status:
    agentId:
      title: Agent ID
      description: The agent ID
      type: string
      required: true
    frameworkVersion:
      title: Framework Version
      description: The installed agent framework version
      type: object
      required: false
    installedPackages:
      title: Installed Packages
      description: The list of engines installed on the agent machine
      type: "[]string"
      required: false
    lastCheckIn:
      title: Last Check-In
      description: The date and time of the most recent check-in
      type: string
      required: false
    machineName:
      title: Machine Name
      description: The agent machine's host name
      type: string
      required: false
    reportedOn:
      title: Reported On
      description: The time the information was gathered from the agent machine
      type: string
      required: false
    runningPolicyId:
      title: Running Policy ID
      description: The agent's running policy ID
      type: string
      required: false
    runningPolicyVersion:
      title: Running Policy Version
      description: The agent's policy ID
      type: integer
      required: false
    links:
      title: Agent Links
      description: Shows the related URLs for the agent
      type: object
      required: false
  patch_scan_machine:
    completedOn:
      title: Completed On
      description: The date and time that the machine assessment was completed
      type: string
      required: false
    domain:
      title: Domain
      description: The domain short-name of the assessed machine
      type: string
      required: false
    errorDescription:
      title: Error Description
      description: Description of the patch scan or resolution error
      type: string
      required: false
    errorNumber:
      title: Error Number
      description: An error code representing a resolution or assessment failure
      type: integer
      required: false
    id:
      title: ID
      description: The unique identifier of the machine patch assessment
      type: integer
      required: false
    installedPatchCount:
      title: Installed Patch Count
      description: The total number of installed patches found in the assessment
      type: integer
      required: false
    links:
      title: Links
      description: Shows the related URLs
      type: object
      required: false
    missingPatchCount:
      title: Missing Patch Count
      description: The total number of missing patches detected in the assessment
      type: integer
      required: false
    missingServicePackCount:
      title: Missing Service Pack Count
      description: The total number of missing service packs detected in the assessment
      type: integer
      required: false
    name:
      title: Host Name
      description: The resolved short-name or host name of the machine
      type: string
      required: false
    virtualMachinePath:
      title: Virtual Machine Path
      description: The virtual machine path if this is a hosted VM
      type: string
      required: false
    virtualServer:
      title: Virtual Server
      description: The virtual machine server name if this is a hosted VM
      type: string
      required: false
  scan_details:
    id:
      title: Scan ID
      description: Scan ID
      type: string
      required: true
    isComplete:
      title: Is Complete
      description: Is complete
      type: boolean
      required: true
    links:
      title: Scan Links
      description: Scan links
      type: object
      required: true
    name:
      title: Scan Name
      description: Scan name
      type: string
      required: false
    scanType:
      title: Scan Type
      description: Scan Type
      type: string
      required: true
    startedOn:
      title: Scan Start Time
      description: Scan start time
      type: string
      required: true
    updatedOn:
      title: Update Time
      description: Update Time
      type: string
      required: true
    user:
      title: Username
      description: Username
      type: string
      required: true
  patch_scan_status_details:
    consoleName:
      title: Console Name
      description: Console Name
      type: string
      required: true
    definitionDate:
      title: Definition Date
      description: Definition Date
      type: string
      required: false
    definitionVersion:
      title: Definition Version
      description: Definition version
      type: string
      required: false
    expectedResultTotal:
      title: Expected Result Total
      description: Expected result total count
      type: integer
      required: true
    id:
      title: Scan ID
      description: Scan ID
      type: string
      required: true
    isComplete:
      title: Is Complete
      description: Is Complete
      type: boolean
      required: true
    links:
      title: Links
      description: Scan links
      type: object
      required: true
    name:
      title: Scan Name
      description: Scan name
      type: string
      required: true
    receivedResultCount:
      title: Received Result Count
      description: Received result count
      type: integer
      required: true
    scanType:
      title: Scan Type
      description: Scan Type
      type: string
      required: true
    startedOn:
      title: Scan Start Time
      description: Scan start time
      type: string
      required: true
    updatedOn:
      title: Update Time
      description: Update time
      type: string
      required: true
    user:
      title: Username
      description: Username
      type: string
      required: true
  detected_patch:
    bulletinId:
      title: Bulletin ID
      description: Bulletin ID
      type: string
      required: true
    cultureName:
      title: Culture Name
      description: Culture name
      type: string
      required: true
    kb:
      title: KB
      description: KB issued by the vendor of the patch
      type: string
      required: true
    links:
      title: Links
      description: Shows the related URLs
      type: object
      required: false
    patchType:
      title: Patch Type
      description: Patch Type
      type: string
      required: true
    patchId:
      title: Patch ID
      description: Patch ID
      type: string
      required: true
    productName:
      title: Product Name
      description: Product name
      type: string
      required: true
    productId:
      title: Product ID
      description: Product ID
      type: string
      required: true
    scanItemId:
      title: Scan Item ID
      description: Scan ID of the patch summary
      type: integer
      required: true
    scanState:
      title: Scan State
      description: The state of the patch installation
      type: string
      required: true
    servicePackName:
      title: Service Pack Name
      description: The name of the service pack to which the patch applies
      type: string
      required: true
    vendorSeverity:
      title: Vendor Severity
      description: The vendor-defined severity of the security risk or issue that this patch corrects
      type: string
      required: true
  next:
    href:
      title: "HREF"
      type: string
      description: "Href"
      required: false
  links:
    next:
      title: "Next"
      type: next
      description: "Next"
      required: false
  links_self:
    self:
      title: "Self"
      type: next
      description: "Self"
      required: false
  vulnerability:
    bulletinId:
      title: "Bulletin ID"
      type: string
      description: "Bulletin ID"
      required: false
    cve:
      title: "CVE"
      type: "[]string"
      description: "CVE"
      required: false
    id:
      title: "Patch ID"
      type: integer
      description: "ID"
      required: false
    isSupported:
      title: "Is Supported"
      type: boolean
      description: "Is supported"
      required: false
    kb:
      title: "KB"
      type: string
      description: "KB"
      required: false
    links:
      title: "Links"
      type: links_self
      description: "Links"
      required: false
    patchIds:
      title: "Patch IDs"
      type: "[]string"
      description: "Patch IDs"
      required: false
    patchType:
      title: "Patch Type"
      type: string
      description: "Patch Type"
      required: false
    releaseDate:
      title: "Release Date"
      type: string
      description: "Release Date"
      required: false
    replacedBy:
      title: "Replaced By"
      type: "[]string"
      description: "Replaced by"
      required: false
  patch_deployment:
    completedMachineCount:
      title: Completed Machine Count
      description: Number of machines that have completed the deployment
      type: integer
      required: false
    creator:
      title: Creator
      description: Initiator of the deployment
      type: string
      required: false
    expectedMachineCount:
      title: Expected Machine Count
      description: Number of machines in this deployment
      type: integer
      required: false
    isComplete:
      title: Completed
      description: Completion status of the deployment
      type: boolean
      required: false
    lastUpdatedOn:
      title: Last Updated On
      description: Date of receipt of the last status update
      type: string
      required: false
    links:
      title: Links
      description: Shows the related URLs for the deployment, the machines and the template
      type: object
      required: false
    name:
      title: Name
      description: Name of the deployment template
      type: string
      required: false
    startedOn:
      title: Started On
      description: Deployment start date
      type: string
      required: false
    id:
      title: ID
      description: The unique operation identifier assigned to the patch deployment
      type: string
      required: true
  machine_deploy_state:
    address:
      title: Address
      description: The IP address of the machine
      type: string
      required: false
    completedPatches:
      title: Completed Patches
      description: The count of in-progress patches
      type: integer
      required: false
    dnsName:
      title: DNS Name
      description: The DNS name of the machine
      type: string
      required: false
    domain:
      title: Domain
      description: The domain name of the machine
      type: string
      required: false
    errorCode:
      title: Error Code
      description: The error code reported on failure by the machine
      type: integer
      required: false
    id:
      title: ID
      description: The unique machine identifier for the machine being deployed to
      type: integer
      required: false
    lastUpdated:
      title: Last Updated
      description: Specifies when the deployment status was last updated
      type: string
      required: false
    links:
      title: Links
      description: Shows the related URL for the deployment to the machine
      type: object
      required: false
    name:
      title: Name
      description: The hostname of the machine
      type: string
      required: false
    overallState:
      title: Overall State
      description: The overall state of the machine deployment
      type: string
      required: false
    patchStates:
      title: Patch States
      description: The status of each patch in the deployment
      type: "[]object"
      required: false
    statusDescription:
      title: Status Description
      description: A description of the status of the deployment
      type: string
      required: false
  patch_property_filter:
    customActions:
      title: Custom Actions
      description: Custom actions
      type: boolean
      required: false
    nonSecurityPatchSeverities:
      title: Non Security Patch Severities
      description: The non-security patch severities
      type: string
      required: false
    securityPatchSeverities:
      title: Security Patch Severities
      description: The security patch severities
      type: string
      required: false
    securityTools:
      title: Security Tools
      description: Security tools
      type: boolean
      required: false
  patch_filter:
    patchFilePath:
      title: Patch File Path
      description: The patch file path
      type: string
      required: false
    patchGroupFilterType:
      title: Patch Group Filter Type
      description: Describes how the patch group filter will be applied. The values can be Scan, Skip, or None
      type: string
      required: false
    patchGroupIds:
      title: Patch Group IDs
      description: The IDs of the patch groups to use
      type: '[]integer'
      required: false
    patchPropertyFilter:
      title: Patch Property Filter
      description: Patch property filter (security, non-security, critical, etc.)
      type: patch_property_filter
      required: false
    scanFor:
      title: Scan For
      description: Gets or sets the type of patches to scan for
      type: string
      required: false
    softwareDistribution:
      title: Software Distribution
      description: Is software distribution included in the scan
      type: boolean
      required: false
    vendorFamilyProductFilter:
      title: Vendor Family Product Filter
      description: Vendor and family product hierarchy
      type: object
      required: false
  patch_scan_template:
    creator:
      title: Creator
      description: The name of the person who created the template
      type: string
      required: false
    description:
      title: Description
      description: Provides a description that explains the purpose of this patch scan template
      type: string
      required: false
    id:
      title: ID
      description: Specifies the ID of the patch scan template
      type: string
      required: false
    isSystem:
      title: Is System
      description: Indicates if this is a system template
      type: boolean
      required: false
    links:
      title: Links
      description: Shows the related URLs for each patch scan template and for the usedby list
      type: object
      required: false
    name:
      title: Name
      description: Specifies the patch scan template name
      type: string
      required: false
    patchFilter:
      title: Patch Filter
      description: Specifies the mode
      type: patch_filter
      required: false
    path:
      title: Path
      description: The path that describes the location of the machine group within the Patch Scan Templates list in the navigation pane
      type: string
      required: false
    threadCount:
      title: Thread Count
      description: Specifies the maximum number of machines that can be simultaneously scanned during one patch scan
      type: integer
      required: false
  patch_group:
    id:
      title: ID
      description: The patch group ID
      type: integer
      required: false
    links:
      title: Links
      description: Shows the related URLs for the patch group
      type: object
      required: false
    name:
      title: Name
      description: The name of the patch group
      type: string
      required: false
    path:
      title: Path
      description: The path that describes the location of the patch group within the Windows Patch Groups list in the navigation pane
      type: string
      required: false
actions:
  get_agent:
    title: Get Agent
    description: Retrieve Agent from Ivanti Security Controls
    input:
      id:
        title: Agent ID
        description: Agent Identifier
        type: string
        required: true
        example: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD
    output:
      agent:
        title: Agent
        description: Details about an agent
        type: agent_detail
        required: true
  get_agents:
    title: Get Agents
    description: Retrieve agents from Ivanti Security Controls
    input:
      agent_configuration_filter:
        title: Agent Configuration Filter
        description: Filters agents based on listening configuration
        type: string
        enum:
        - "Listening"
        - "Not Listening"
        - "All"
        default: "All"
        required: false
        example: "All"
      name_filter:
        title: Name Filter
        description: Filters agents where host or DNS name equals this value
        type: string
        required: false
        example: "hostname-1"
    output:
      count:
        title: Count
        description: Number of agents returned
        type: integer
        required: false
      agents:
        title: Agents
        description: List of agent details
        type: "[]agent_detail"
        required: false
  get_agent_status:
    title: Get Agent Status
    description: Retrieve Agent Status from Ivanti Security Controls
    input:
      id:
        title: Agent ID
        description: Agent Identifier
        type: string
        required: true
        example: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD
    output:
      agent_status:
        title: Agent Status
        description: Agent status with details
        type: agent_status
        required: true
  start_patch_scan:
    title: Start a Patch Scan
    description: Start a patch scan
    input:
      hostnames:
        title: Hostnames
        description: Hostnames - Either hostnames or machine group IDs must be specified
        type: '[]string'
        required: false
        example: ["hostname-1"]
      machine_group_ids:
        title: Machine Group IDs
        description: List of machine groups to scan. Either hostnames or machine group IDs must be specified
        type: '[]string'
        required: false
        example: ["1","2"]
      diagnostic_trace_enabled:
        title: Diagnostic Trace Enabled
        description: An indication whether diagnostics tracing should be enabled during scan
        type: boolean
        required: false
        example: false
      credential_id:
        title: Credential ID
        description: Credential ID
        type: string
        required: false
        example: 01234567-89AB-CDEF-0123-456789ABCDEF
      name:
        title: Name
        description: Name to be given to scan
        type: string
        required: false
        example: "test-scan"
      run_as_credential_id:
        title: Run as Credential ID
        description: Reference to a credential to use to start a scan. Overwrites RunAsDefault behavior
        type: string
        required: false
        example: 01234567-89AB-CDEF-0123-456789ABCDEF
      template_id:
        title: Patch Scan Template ID
        description: Patch scan template ID
        type: string
        required: true
        example: 01234567-89AB-CDEF-0123-456789ABCDEF
      use_machine_credential:
        title: Use Machine Credential
        description: An indication whether to use machine credentials. If No is specified, then either group-level credentials, default credentials or integrated Windows authentication credentials (in that order) will be used. This parameter is only used if an endpoint name is specified
        type: boolean
        required: false
        example: false
      max_poll_time:
        title: Max Poll Time
        description: Max poll time
        type: integer
        default: 300
        required: true
        example: 300
    output:
      scan_details:
        title: Scan Details
        description: Scan details
        type: scan_details
        required: true
  get_patch_scan_status:
    title: Get Patch Scan Status
    description: Get patch scan status
    input:
      scan_id:
        title: Scan ID
        description: Scan ID
        type: string
        required: true
        example: 01234567-89AB-CDEF-0123-456789ABCDEF
    output:
      patch_scan_status_details:
        title: Patch Scan Status Details
        description: Patch scan status details
        type: patch_scan_status_details
        required: true
  get_scanned_machine_details:
    title: Get Scanned Machine Details
    description: Get scanned machine details
    input:
      scan_id:
        title: Scan ID
        description: Scan ID
        type: string
        required: true
        example: 01234567-89AB-CDEF-0123-456789ABCDEF
      hostname:
        title: Hostname
        description: Hostname
        type: string
        required: true
        example: "hostname-1"
    output:
      patch_scan_machine:
        title: Patch Scan Machine
        description: Patch scan machine
        type: patch_scan_machine
        required: true
      detected_patches:
        title: Detected Patches
        description: Detected patches
        type: '[]detected_patch'
        required: true
  search_patches:
    title: Search Patches
    description: Find and display detailed information about a patch
    input:
      security_id:
        title: Security ID
        description: Security Vulnerability ID
        type: '[]string'
        required: true
        example: ["MS99-031", "Q240346", "CVE-2015-4485", "4693"]
    output:
      vulnerabilities:
        title: Vulnerabilities
        description: Details about the vulnerabilities
        type: "[]vulnerability"
        required: true
  get_patch_details:
    title: Get Patch Details
    description: Retrieve information about a patch from Ivanti Security Controls
    input:
      id:
        title: ID
        description: The vulnerability ID
        type: integer
        required: true
        example: 4693
    output:
      patch:
        title: Patch
        description: Detailed information about a patch
        type: vulnerability
        required: true
  get_patch_deployment:
    title: Get Patch Deployment
    description: Retrieve information about a specific patch deployment
    input:
      deployment_id:
        title: Deployment ID
        description: Patch deployment ID
        type: string
        required: true
        example: 5dbcb89f-eec3-4182-a9aa-1e6074fb0acb
      machine_id:
        title: Machine ID
        description: ID of a machine involved with a specific patch deployment
        type: integer
        required: false
        example: 7
    output:
      patch_deployment_details:
        title: Patch Deployment Details
        description: Detailed information about a specific deployment
        type: patch_deployment
        required: true
      machine_information:
        title: Machine Information
        description: Information about a machine involved with the patch deployment
        type: machine_deploy_state
        required: true
  create_patch_scan_template:
    title: Create Patch Scan Template
    description: Create a new patch scan template
    input:
      name:
        title: Name
        description: Name of the patch scan template
        type: string
        required: true
        example: ExamplePatchScanTemplate
      description:
        title: Description
        description: Description that explains the purpose of this patch scan template
        type: string
        required: false
        example: Patch Scan Template created from InsightConnect
      path:
        title: Path
        description: Path to the location of the machine group within the Patch Scan Templates list in the navigation pane
        type: string
        required: false
        example: Lab\Servers
      threadCount:
        title: Thread Count
        description: Specifies the maximum number of machines that can be simultaneously scanned during one patch scan
        type: integer
        required: false
        example: 1
      patchGroupIds:
        title: Patch Group IDs
        description: The IDs of the patch groups to use
        type: '[]integer'
        required: true
        example: [1]
    output:
      patch_scan_template:
        title: Patch Scan Template
        description: Detailed information about the patch scan template
        type: patch_scan_template
        required: true
  create_patch_group_and_add_cves:
    title: Create Patch Group
    description: Create a new patch group with CVEs
    input:
      name:
        title: Name
        description: The name of the new patch group
        type: string
        required: true
        example: New Patch Group
      path:
        title: Path
        description: The path that describes the location of the patch group within the Patch Templates and Groups list in the navigation pane
        type: string
        required: false
        example: Lab\Servers
      cves:
        title: CVEs
        description: The CVEs that should be included in the new patch group
        type: '[]string'
        required: true
        example: ["cve-2019-0701", "CVE-2019-0708"]
    output:
      patch_group:
        title: Patch Group
        description: Detailed information about the patch group
        type: patch_group
        required: true
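
The input rules stated in the spec above (template_id required, either hostnames or machine group IDs, max_poll_time defaulting to 300, CVE IDs supplied in mixed case) can be checked before a workflow step launches a scan or creates a patch group. This is an added example, not code from the plugin or from Rapid7: the function names are hypothetical, and reading "endpoint name" as the hostnames input, requiring a positive max_poll_time and rejecting an empty cves list are assumptions.

```python
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")  # CVE ID syntax: year, then 4+ digits


def normalize_cves(cves):
    """Return upper-cased, de-duplicated CVE IDs for the `cves` input ('[]string')."""
    if not isinstance(cves, (list, tuple)) or not cves:
        raise ValueError("cves must be a non-empty list of strings")
    out = []
    for raw in cves:
        cve = str(raw).strip().upper()
        if not CVE_RE.fullmatch(cve):
            raise ValueError(f"not a CVE identifier: {raw!r}")
        if cve not in out:
            out.append(cve)
    return out


def _string_list(params, key):
    """Read an optional '[]string' input; a bare string is rejected, not split."""
    value = params.get(key) or []
    if not isinstance(value, (list, tuple)) or not all(
        isinstance(v, str) and v.strip() for v in value
    ):
        raise ValueError(f"{key} must be a list of non-empty strings")
    return list(value)


def validate_start_patch_scan(params):
    """Check start_patch_scan input against the spec; return (clean, warnings)."""
    template_id = params.get("template_id")
    if not isinstance(template_id, str) or not template_id.strip():
        raise ValueError("template_id is required")

    hostnames = _string_list(params, "hostnames")
    group_ids = _string_list(params, "machine_group_ids")
    if not hostnames and not group_ids:
        raise ValueError("either hostnames or machine_group_ids must be specified")

    poll = params.get("max_poll_time", 300)  # default taken from the spec
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(poll, bool) or not isinstance(poll, int) or poll <= 0:
        raise ValueError("max_poll_time must be a positive integer")

    warnings = []
    # Assumption: the spec's "endpoint name" refers to the hostnames input.
    if params.get("use_machine_credential") and not hostnames:
        warnings.append("use_machine_credential is only used when hostnames are given")

    clean = dict(params, template_id=template_id.strip(), hostnames=hostnames,
                 machine_group_ids=group_ids, max_poll_time=poll)
    return clean, warnings


if __name__ == "__main__":
    # Constructed sample input, reusing the placeholder values from the spec.
    sample = {
        "template_id": "01234567-89AB-CDEF-0123-456789ABCDEF",
        "machine_group_ids": ["1", "2"],
        "use_machine_credential": True,
    }
    print(validate_start_patch_scan(sample))
    print(normalize_cves(["cve-2019-0701", "CVE-2019-0708"]))
```

Rejecting a bare string for hostnames matters because a string is iterable and would otherwise be handled as a list of single characters.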