Mitigation controls policies
The Security Posture Control and the Mitigation Controls applications are required to view the mitigation controls and mitigation controls policies in the SPC. Both applications are available from the ServiceNow Store.
Refer to the following topics for more information about downloading and installing applications from the ServiceNow® Store.
- Download an application from the ServiceNow Store for the first time
- Install a Security Operations integration
To view the mitigation controls policies, users in the SPC Admin Group and SPC Analyst Group can navigate to in the SPC Workspace navigation panel.
The following mitigation controls policies are included with the application and are displayed along with the other SPC policies:
- SEH Overwrite
- Heap spray
- CrowdStrike NULL Page Allocation
- CrowdStrike Force DEP
- CrowdStrike Force ASLR
- Microsoft Defender Control Flow Guard
- Microsoft Defender force ASLR
- Microsoft Defender Mandatory ASLR and Bottom-up ASLR
- SentinelOne Application Control
- SentinelOne Data Files
- SentinelOne Executables
- SentinelOne Exploits
- SentinelOne IDR
- SentinelOne Detect Interactive Threat
- SentinelOne Detect Lateral Movement
- SentinelOne Static AI
- SentinelOne Static AI - suspicious
- SentinelOne Potentially unwanted applications
- SentinelOne Remote shell
- SentinelOne Reputation
Mitigation controls categories
The following categories of mitigation controls are currently supported with the SPC.
- Mitigation controls and policies required for Exploit Protection (EDR) mitigation controls.
- Exploit Protection (WAF) mitigation controls. You must create policies for AWS WAF. See Create a policy for the AWS WAF integration for mitigation controls monitoring for more information.