Package: Invicti AppSec Core (on-demand), Invicti AppSec Enterprise (on-premise, on-demand)
Ivanti Integration
Ivanti is an IT service management and IT asset management platform used by organizations to manage service desk operations, change management, and IT workflows. The Invicti AppSec integration with Ivanti allows security teams to create and track tickets in Ivanti directly from discovered vulnerabilities, ensuring security findings are channeled through established ITSM processes.
Purpose in Invicti AppSec
Ivanti is used in Invicti AppSec as an Issue Manager — a tool for creating and tracking remediation tickets in external ITSM systems.
| Use Case | Description |
|---|---|
| Ticket creation from vulnerabilities | Create Ivanti service desk tickets directly from vulnerability findings in Invicti AppSec |
| Remediation tracking | Monitor the status of vulnerability remediation through the Ivanti ticket lifecycle |
| ITSM process alignment | Integrate security findings into existing change and incident management processes in Ivanti |
Where It Is Used
| Page | Navigation Path | Purpose |
|---|---|---|
| Integrations — Issue Managers | Integrations › Issue Managers | Admin activation and global configuration |
| Project Settings | Project › Settings › Issue Managers | Link Ivanti to a specific project for automated ticket creation |
| Vulnerability List | Project › Vulnerabilities | Manually create an Ivanti ticket for a specific vulnerability |
| Team Lead Integrations | Team Lead view › Integrations › Issue Managers | Team leads activate instances delegated by admins |
Prerequisites
Before activating the integration, gather the following credentials from your Ivanti instance:
| Field | Description | Required |
|---|---|---|
| Username | The Ivanti service account username used for API access | Yes |
| Password | The password for the Ivanti service account | Yes |
| URL | Your Ivanti instance URL (e.g., https://your-company.ivanti.com) | Yes |
Obtain Credentials (on the Ivanti Side)
Username and Password:
- Log in to your Ivanti instance as an administrator.
- Create or identify a dedicated service account for Invicti AppSec. Using a dedicated account is recommended for security and auditability.
- Ensure the service account has API access and permission to create and update tickets in Ivanti.
- Note the username and password for the service account.
Instance URL:
- Your Ivanti instance URL is visible in the browser address bar when logged in.
- Use only the base URL without any path (e.g.,
https://acme.ivanti.com). - Ensure the URL includes the protocol (
https://).
Activation Steps
Step 1: Navigate to Integrations
From the left sidebar, click Integrations.
Step 2: Open the Issue Managers Tab
On the Integrations page, click the Issue Managers tab.
Step 3: Find and Activate Ivanti
Locate the Ivanti card.
- If it is not yet activated, click Activate to open the settings drawer.
- If it is already activated, click the gear icon to reconfigure.
Step 4: Fill In the Required Fields
In the settings drawer, enter the required credentials:
| Field | Description | Required |
|---|---|---|
| Username | Ivanti service account username | Yes |
| Password | Service account password | Yes |
| URL | Your Ivanti instance base URL | Yes |
Step 5: Test the Connection
Click Test Connection. A green "Connection successful" message confirms that Invicti AppSec can reach your Ivanti instance with the provided credentials.
Step 6: Save
Click Save to complete the activation.
Summary
| Step | Action |
|---|---|
| 1 | Navigate to Integrations from the sidebar |
| 2 | Select the Issue Managers tab |
| 3 | Find Ivanti and click Activate (or the gear icon) |
| 4 | Enter Username, Password, and URL |
| 5 | Click Test Connection — verify the success message |
| 6 | Click Save |
Troubleshooting
| Issue | Resolution |
|---|---|
| Connection failed | Verify the username, password, and URL are correct. Ensure the Ivanti instance is reachable from the Invicti AppSec network. |
| 401 Unauthorized | The service account credentials are incorrect or the account lacks API access permissions. Check the account settings in Ivanti. |
| URL invalid | Ensure the URL contains the protocol (https://) and no trailing path. Use only the base URL. |
| Account locked | Repeated failed login attempts may lock the service account. Unlock it in Ivanti and reset the password if needed. |
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center