Exploit Protection (WAF) mitigation controls

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Exploit Protection (WAF) Mitigation Controls

    The Exploit Protection (WAF) mitigation controls provide a security framework utilizing a Web Application Firewall (WAF) to monitor and protect virtual machines. It integrates with tools like F5 BIG-IP and utilizes network traffic data from ITOM IP-based Discovery to ensure robust security posture.

    Show full answer Show less

    Key Features

    • API Integration: Connects with WAF tools to detect servers behind firewalls.
    • Web ACL Rules Import: Imports rules and load balancers to assess protection status.
    • Role Requirements: Access requires SPC Admin Group and SPC Analyst Group roles.

    Prerequisites

    • For F5 BIG-IP: Activate ITOM IP-based Discovery and API integration in the Security Posture Control Workspace.
    • For AWS: Install Discovery and Service Mapping Patterns applications, define Web ACLs in your AWS account, and ensure that specific system properties are set to true for proper discovery.

    Key Outcomes

    After completing the setup, users can effectively monitor and confirm the security status of virtual machines against SQL injection and XSS attacks, ensuring a fortified application environment.

    This category of mitigation controls covers mitigations available in the form of Web Application Firewall.

    Exploit Protection (WAF)

    Security Posture Control detects servers that are running behind the web application firewall (WAF) by using the API integration with WAF tools such as F5 BIG-IP (F5) and network traffic data from ITOM IP-based Discovery, if necessary.

    Mitigation control imports the Web ACL rules and all associated load balancers to determine which rules are protecting your virtual machines with the help of Discovery and Service Mapping patterns.

    Roles required: SPC Admin Group and SPC Analyst Group.

    Prerequisites for Exploit Protection (WAF) with F5 BIG-IP

    1. Verify that you have activated ITOM IP-based Discovery in the environment where F5 BIG-IP F5 WAF and associated application servers are setup.
    2. Verify that the API integration for F5 BIG-IP F5 is activated in the Security Posture Control Workspace.

    Prerequisites for Exploit Protection (WAF) with Amazon Web Services AWS

    Data for this integration is imported by the Discovery and Service Mapping Patterns [sn_itom_pattern] and the Mitigations Controls Monitoring [sn_sec_mit_ctrl] application. Both applications are required. Follow the steps below in the order they are listed so that you can import all the Web ACLs, the Web ACL rules, and the mitigation data required to help you confirm that a virtual machine is protected. See AWS discovery using patterns for more information about AWS discovery patterns.
    1. Define Web ACLs and rules in your AWS service account you want to use. See Using web ACLs in AWS WAF for more information.
      Note:
      You can create your own Web ACL rules, however, you might prefer to use the AWS manged rules that are designed specifically to work with their Web ACLs. If you choose to create your own custom rules for Web ACLs, note that this integration with AWS WAF supports only attack types that match Contains SQL injection attacks and Contains XSS (cross site scripting) injection attacks. Load balancers are the assets (resources) supported by this integration.
    2. Install and activate the Discovery and Service Mapping Patterns [sn_itom_pattern] application in your instance so the names and default actions of the Web ACLs you defined in step 1 can be discovered. For more information, see Install the supported applications for Security Posture Control.
    3. Verify the sn_itom_pattern.discover_aws_app_pool_members MID Server system property is set to true. To activate this property, navigate to All > MID Server > Properties.
    4. Verify you have installed and activated the Mitigation Controls Monitoring [sn_sec_mit_ctrl] application. This application includes a pattern extension, Web ACL Rules and Associated Resources. This pattern extension permits you to import the actual Web ACL rules and their associations (relationships) to your resources (assets) into your instance.