Ivanti Security Controls
Ivanti Security Controls is a patch management tool that manages and scans your machines, and generates security data from those machines. You can bring CVE, machine, patch, and product data from Ivanti Security Controls into Brinqa to gain a unified view of your asset inventory and attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Ivanti Security Controls and how to obtain that information from Ivanti. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Ivanti Security Controls from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Ivanti Security Controls with Brinqa:
- Server name: Your organization's Ivanti SQL server name.
- Port: The TCP (Transmission Control Protocol) or IP port number that is used to communicate with the SQL server. The default port is 1433.
Additional settings
The Ivanti Security Controls connector contains additional options for specific authentication and configuration:
- Database name: The Ivanti database name. The default database name is SecurityControls.
- Use Windows Authentication mode: Select this option to authenticate against the SQL server using Windows authentication. This option requires specifying the domain in the Domain field.
- Domain: If using Windows Authentication, specify the Windows domain to authenticate in.
- Username and Password: Specify the username and password of the SQL server account, which must have permissions to log in to the database and return data.
  Note: The specified SQL server user account making queries must have EXECUTE and SELECT permissions in the Ivanti database schema. Ensure that these permissions are granted to avoid connectivity issues during data integration. For additional information on configuring object permissions, see the Ivanti documentation.
- advanceUri: Specify additional connection parameters or options for direct usage. You can use this option to configure encryption, specify the network protocol, or provide other SQL Server connection properties. For example:
  - If you want to ensure that the connection to your SQL Server is encrypted, you might specify a parameter like so:
    jdbc:sqlserver://[servername]:[port];databaseName=[yourDatabaseName];encrypt=true;trustServerCertificate=false
    This configuration ensures that the data transmitted between the Ivanti Security Controls connector and the SQL Server is encrypted and that the SQL Server's SSL certificate is verified, which requires a certificate that the connector host trusts. Setting trustServerCertificate=true instead keeps the connection encrypted, but the driver then accepts the server certificate without validating it.
  - If you want to specify the number of seconds the driver waits for a SQL command to execute before timing out, the parameter might look like this:
    jdbc:sqlserver://[servername]:[port];databaseName=[yourDatabaseName];queryTimeout=30;
    This configuration can help prevent SQL commands from running too long and causing the system to hang.
Types of data to retrieve
The Ivanti Security Controls connector can retrieve the following types of data from Ivanti:
Table 1: Data retrieved from Ivanti Security Controls
Connector Object | Required | Maps to Data Model |
---|---|---|
Assessed Machine | No | Not mapped |
CVE | Yes | Vulnerability Definition |
Detected Patch State | No | Not mapped |
Machine | Yes | Host |
Patch | Yes | Solution |
Patch Applies To | No | Not mapped |
Patch Scan | Yes | Assessment |
Product | No | Not mapped |
The Ivanti Security Controls connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from Ivanti Security Controls in the Brinqa Platform, see How to view your data.
Attribute mappings
The sections below list the mappings between the source and the Brinqa data model attributes.
CVE
Table 2: CVE attribute mappings
Source Field Name | Maps to Attribute |
---|---|
CVSSv2 | Local variable |
CVSSv3 | Local variable |
Id | uid |
Name | name |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Machine
Table 3: Machine attribute mappings
Source Field Name | Maps to Attribute |
---|---|
Asset DNS | dnsNames, privateDnsName, publicDnsName |
Asset IP Address | ipAddresses, privateIpAddresses, publicIpAddresses |
Asset Operating System | os |
Domain | Local variable |
Language | languages |
Last Assessed Machine State Id | Local variable |
Last Patch Assessed | Local variable |
Name | name, hostnames |
ProductId | Local variable |
UID | uid |
Patch
Table 4: Patch attribute mappings
Source Field Name | Maps to Attribute |
---|---|
CveId | type |
Detected Patch State Id | Local variable |
MachineId | targets |
Patch Bulletin Id | Local variable |
Patch Id | Local variable |
Patch Installed On | installDate |
Patch Released On | publishedDate |
Patch Scan Id | Local variable |
Patch Severity | severity, sourceSeverity |
Patch Status | status, sourceStatus |
Patch Title | name, Local variable |
Patch Type | Local variable |
Product Id | Local variable |
Q Number | Local variable |
Raw Patch Id | Local variable |
UID | uid |
Patch Scan
Table 5: Patch Scan attribute mappings
Source Field Name | Maps to Attribute |
---|---|
DefinitionDate | Local variable |
DefinitionVersion | Local variable |
EndedOn | lastStopped |
IsScanCompleted | Local variable, lastScanStatus |
Name | name |
ScanTemplateName | Local variable |
StartedOn | lastStarted |
UID | uid |
APIs
The Ivanti Security Controls connector does not use any API endpoints. Instead, it uses several Ivanti database views that can be queried to generate custom reports. Specifically, it uses the following views:
Assessed Machine
SELECT TOP (1000) [Id]
,[MachineId]
,[PatchScanId]
,[IPAddress]
,[AssessedOn]
FROM [SecurityControls].[Reporting2].[AssessedMachineState]
CVE
SELECT TOP (10) [Id]
,[Name]
,[CVSSv2]
,[CVSSv3]
FROM [SecurityControls].[Reporting2].[Cve]
Detected Patch State
SELECT TOP (10) [Id]
,[AssessedMachineStateId]
,[PatchId]
,[ProductId]
,[InstalledOn]
,[InstallStateId]
FROM [SecurityControls].[Reporting2].[DetectedPatchState]
Machine
SELECT TOP (10) [Id]
,[DnsName]
,[Domain]
,[Language]
,[Name]
,[OperatingSystemFamilyId]
,[ArchitectureId]
,[Distribution]
,[LinuxPlatformId]
,[ProductId]
,[LastKnownIP]
,[LastPatchAssessedOn]
,[LastAssessedMachineStateId]
,[LastPatchMachineGroupName]
,[AssignedGroup]
,[VirtualInventoryPath]
,[VirtualServerName]
FROM [SecurityControls].[Reporting2].[Machine]
Patch
SELECT TOP (10) [Id]
,[Bulletin]
,[QNumber]
,[BulletinTitle]
,[VendorSeverityId]
,[IsCustomPatch]
,[PatchTypeId]
,[ReleasedOn]
,[IavaId]
FROM [SecurityControls].[Reporting2].[Patch]
Patch Applies To
SELECT TOP (10) [PatchId]
,[ProductId]
,[CveId]
FROM [SecurityControls].[Reporting2].[PatchAppliesTo]
Patch Scan
SELECT TOP (10) [Id]
,[ConsoleName]
,[DefinitionDate]
,[DefinitionVersion]
,[EndedOn]
,[IsScanCompleted]
,[Name]
,[StartedOn]
,[ScanTemplateName]
,[User]
,[SourceTypeId]
,[ScanTypeId]
FROM [SecurityControls].[Reporting2].[PatchScan]
Product
SELECT TOP (10) [Id]
,[Name]
,[ProductLevelName]
,[ProductLevelOrder]
,[EndOfLifeOn]
FROM [SecurityControls].[Reporting2].[Product]
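The following is an added example, not taken from the Brinqa or Ivanti documentation: one way to provision the SQL account described under Additional settings with only the SELECT and EXECUTE permissions the connector needs, then confirm what it can do. The login name brinqa_reader and the password placeholder are hypothetical, and scoping the grants to the Reporting2 schema is an assumption based on the views listed above.

```sql
-- Added example: least-privilege SQL Server account for the connector.
-- Assumptions: [brinqa_reader] is a hypothetical name; the database is the
-- default SecurityControls; grants are scoped to the Reporting2 schema because
-- every view listed above lives there. GO is the sqlcmd/SSMS batch separator.

USE [master];
GO
-- SQL authentication login subject to the Windows password policy.
-- Replace the placeholder with a generated secret before running.
CREATE LOGIN [brinqa_reader]
    WITH PASSWORD = N'<replace-with-generated-password>',
         DEFAULT_DATABASE = [SecurityControls],
         CHECK_POLICY = ON;
GO

USE [SecurityControls];
GO
-- Database user mapped to the login. No role membership is added.
CREATE USER [brinqa_reader] FOR LOGIN [brinqa_reader];
GO
-- SELECT and EXECUTE on the reporting schema only, not on the whole database.
GRANT SELECT, EXECUTE ON SCHEMA::[Reporting2] TO [brinqa_reader];
GO

-- Check 1: impersonate the user and test read access against one view,
-- and confirm that a write permission is not held on the same view.
EXECUTE AS USER = N'brinqa_reader';
SELECT HAS_PERMS_BY_NAME(N'Reporting2.Machine', N'OBJECT', N'SELECT') AS can_select,
       HAS_PERMS_BY_NAME(N'Reporting2.Machine', N'OBJECT', N'UPDATE') AS can_update;
REVERT;
GO

-- Check 2: list every explicit permission recorded for the user, so that
-- anything beyond CONNECT plus the two schema grants stands out in review.
SELECT pr.name AS principal_name,
       pe.class_desc,
       CASE WHEN pe.class_desc = N'SCHEMA' THEN SCHEMA_NAME(pe.major_id) END AS schema_name,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'brinqa_reader'
ORDER BY pe.class_desc, pe.permission_name;
GO
```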
Changelog
The Ivanti Security Controls connector has undergone the following changes:
3.0.2
- Changed the following attribute types on the Detected Patch State object from integer to string:
  - ASSESSED_MACHINE_STATE_ID
  - CVE_IDS
  - CVE_RECORDS
  - PATCH_ID
  - PRODUCT_ID
3.0.1
- Changed the PATCH_ID and PRODUCT_ID attribute types on the Patch Applies To object from integer to string.
3.0.0
- Initial Integration+ release.