Exploit Protection (WAF) mitigation controls

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:5分

    • This category of mitigation controls covers mitigations available in the form of Web Application Firewall.

    Exploit Protection (WAF)

    Security Posture Control detects servers that are running behind the web application firewall (WAF) by using the API integration with WAF tools such as F5 BIG-IP (F5) and network traffic data from ITOM IP-based Discovery, if necessary.

    Mitigation control imports the Web ACL rules and all associated load balancers to determine which rules are protecting your virtual machines with the help of Discovery and Service Mapping patterns.

    Roles required: SPC Admin Group and SPC Analyst Group.

    Prerequisites for Exploit Protection (WAF) with F5 BIG-IP

    1. Verify that you have activated ITOM IP-based Discovery in the environment where F5 BIG-IP F5 WAF and associated application servers are setup.
    2. Verify that the API integration for F5 BIG-IP F5 is activated in the Security Posture Control Workspace.

    Prerequisites for Exploit Protection (WAF) with Amazon Web Services AWS

    Data for this integration is imported by the Discovery and Service Mapping Patterns [sn_itom_pattern] and the Mitigations Controls Monitoring [sn_sec_mit_ctrl] application. Both applications are required. Follow the steps below in the order they are listed so that you can import all the Web ACLs, the Web ACL rules, and the mitigation data required to help you confirm that a virtual machine is protected. See AWS discovery using patterns for more information about AWS discovery patterns.
    1. Define Web ACLs and rules in your AWS service account you want to use. See Using web ACLs in AWS WAF for more information.
      注:
      You can create your own Web ACL rules, however, you might prefer to use the AWS manged rules that are designed specifically to work with their Web ACLs. If you choose to create your own custom rules for Web ACLs, note that this integration with AWS WAF supports only attack types that match Contains SQL injection attacks and Contains XSS (cross site scripting) injection attacks. Load balancers are the assets (resources) supported by this integration.
    2. Install and activate the Discovery and Service Mapping Patterns [sn_itom_pattern] application in your instance so the names and default actions of the Web ACLs you defined in step 1 can be discovered. For more information, see Install the supported applications for Security Posture Control.
    3. Verify the sn_itom_pattern.discover_aws_app_pool_members MID Server system property is set to true. To activate this property, navigate to All > MID Server > Properties.
    4. Verify you have installed and activated the Mitigation Controls Monitoring [sn_sec_mit_ctrl] application. This application includes a pattern extension, Web ACL Rules and Associated Resources. This pattern extension permits you to import the actual Web ACL rules and their associations (relationships) to your resources (assets) into your instance.