Exploit Protection (WAF) mitigation controls

  • Release version: Yokohama
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Exploit Protection (WAF) Mitigation Controls

    Exploit Protection (WAF) mitigation controls utilize a Web Application Firewall to enhance security by detecting servers behind the WAF using API integrations with tools like F5 BIG-IP and network traffic data from ITOM IP-based Discovery. This process helps in identifying which rules are safeguarding virtual machines.

    Show full answer Show less

    Key Features

    • Integration with WAF tools such as F5 BIG-IP for effective security posture management.
    • Utilization of Web ACL rules and load balancer data to analyze protection mechanisms for virtual machines.
    • Requires roles from the SPC Admin and SPC Analyst groups for proper functionality.

    Prerequisites

    For successful implementation of Exploit Protection (WAF), ensure the following:

    • Activate ITOM IP-based Discovery in the environment where F5 BIG-IP and associated application servers are configured.
    • Enable API integration for F5 BIG-IP within the Security Posture Control Workspace.
    • For AWS integration, install the Discovery and Service Mapping Patterns [snitompattern] and Mitigation Controls Monitoring [snsecmitctrl] applications.
    • Set the MID Server system property snitompattern.discoverawsapppoolmembers to true.

    Key Outcomes

    By following the outlined steps and ensuring the necessary prerequisites are met, customers will be able to:

    • Import Web ACLs and rules, enhancing the visibility and management of virtual machine protections.
    • Utilize AWS managed rules or create custom rules for specific attack types, including SQL injection and XSS attacks.
    • Leverage the capabilities of Discovery and Service Mapping to effectively monitor and manage application security.

    This category of mitigation controls covers mitigations available in the form of Web Application Firewall.

    Exploit Protection (WAF)

    Security Posture Control detects servers that are running behind the web application firewall (WAF) by using the API integration with WAF tools such as F5 BIG-IP (F5) and network traffic data from ITOM IP-based Discovery, if necessary.

    Mitigation control imports the Web ACL rules and all associated load balancers to determine which rules are protecting your virtual machines with the help of Discovery and Service Mapping patterns.

    Roles required: SPC Admin Group and SPC Analyst Group.

    Prerequisites for Exploit Protection (WAF) with F5 BIG-IP

    1. Verify that you have activated ITOM IP-based Discovery in the environment where F5 BIG-IP F5 WAF and associated application servers are setup.
    2. Verify that the API integration for F5 BIG-IP F5 is activated in the Security Posture Control Workspace.

    Prerequisites for Exploit Protection (WAF) with Amazon Web Services AWS

    Data for this integration is imported by the Discovery and Service Mapping Patterns [sn_itom_pattern] and the Mitigations Controls Monitoring [sn_sec_mit_ctrl] application. Both applications are required. Follow the steps below in the order they are listed so that you can import all the Web ACLs, the Web ACL rules, and the mitigation data required to help you confirm that a virtual machine is protected. See Amazon AWS Cloud components discovery using patterns for more information about AWS discovery patterns.
    1. Define Web ACLs and rules in your AWS service account you want to use. See Using web ACLs in AWS WAF for more information.
      Note:
      You can create your own Web ACL rules, however, you might prefer to use the AWS manged rules that are designed specifically to work with their Web ACLs. If you choose to create your own custom rules for Web ACLs, note that this integration with AWS WAF supports only attack types that match Contains SQL injection attacks and Contains XSS (cross site scripting) injection attacks. Load balancers are the assets (resources) supported by this integration.
    2. Install and activate the Discovery and Service Mapping Patterns [sn_itom_pattern] application in your instance so the names and default actions of the Web ACLs you defined in step 1 can be discovered. For more information, see Install the supported applications for Security Posture Control.
    3. Verify the sn_itom_pattern.discover_aws_app_pool_members MID Server system property is set to true. To activate this property, navigate to All > MID Server > Properties.
    4. Verify you have installed and activated the Mitigation Controls Monitoring [sn_sec_mit_ctrl] application. This application includes a pattern extension, Web ACL Rules and Associated Resources. This pattern extension permits you to import the actual Web ACL rules and their associations (relationships) to your resources (assets) into your instance.