Activate mitigation controls policies and view detected mitigations

  • Release version: Washingtondc
  • Updated November 1, 2024
  • 1 minute to read

    • You must activate policies before you can view which threats to your assets are mitigated by available mitigation controls.

    Before you begin

    Verify you have reviewed Mitigation controls and policies required for Exploit Protection (EDR) and completed the requirements listed in Install and configure the CrowdStrike integrations for mitigation control monitoring, Install and configure the Service Graph Connector for Microsoft SCCM and the Microsoft Defender Mitigation Control Integration and Configure the F5 BIG-IP integrations for mitigation control monitoring.

    Roles required: SPC Admin Group and SPC Analyst Group.

    Procedure

    1. Navigate to Workspaces > Security Posture Control > Policies and findings > All.
    2. Activate the following policies.
      • SEH Overwrite
      • Heap spray
      • CrowdStrike NULL Page Allocation
      • CrowdStrike Force DEP
      • CrowdStrike Force ASLR
      • Microsoft Defender Control Flow Guard
      • Microsoft Defender force ASLR
      • Microsoft Defender Mandatory ASLR and Bottom-up ASLR
    3. To view assets with mitigations detected by Security Posture Control with the ‘Assets with MITRE mitigations’ widget on the dashboard, follow these steps.
      1. Navigate to Workspaces > Security Posture Control > Home.
      2. Under the Key insights section, review the Assets with MITRE mitigations widget.
      3. Select a mitigation category, Exploit Protection (EDR) or Exploit Protection (WAF) in the widget.
      4. You can see the list of assets with mitigations detected in that mitigation category.
      5. Select an asset.
      6. Select the Mitigation controls tab to see the details of the mitigation control detected.
      7. Select the Mitigated vulnerable items tab to see the list of vulnerable items mitigated by this mitigation control.
        Note:
        For this tab to be populated, the Vulnerability Response application must be installed and activated.