- play_arrow Overview
- play_arrow Administration
- Add Insights Nodes
- About the Alerts Settings Page
- Create a New Alert Setting
- Configure System Settings
- About the Identity Settings Page
- Add JIMS Configuration
- Edit and Delete an Identity Setting
- Configure Mitigation Settings
- About the Threat Intelligence Page
- Configure Threat Intelligence Source
- Edit and Delete Threat Intelligence Source
- About the ServiceNow Configuration Page
- About the Backup & Restore Page
- Create a Backup File and Restore the Configuration
- Download and Delete a Backup File
- play_arrow Configure
- About the Log Parsers Page
- Create a New Log Parser
- Edit and Delete a Log Parser
- Import and Export Log Parsers
- About the Log Sources Page
- Add a Log Source
- Edit and Delete a Log Source
- View Log Statistics
- About the Event Scoring Rules Page
- Create an Event Scoring Rule
- Edit and Delete Event Scoring Rules
- About the Incident Scoring Rules Page
- Create an Incident Scoring Rule
- Edit and Delete Incident Scoring Rules
How to Monitor Mitigation
Using the Mitigation page, you can view the list of endpoints and threat sources that are mitigated by Security Director Insights. To access this page, select Monitor > Insights > Mitigation. You can select an event and disable the mitigation, if enabled, and vice versa, as shown in Figure 1.
You can mitigate threat source IP addresses through ATP Cloud or Policy Enforcer. You must configure ATP Cloud or Policy Enforcer to enable the mitigation. For more information about mitigation settings, see Configure Mitigation Settings.
You can perform the following actions from the Mitigation page:
Source IP filtering—Select the Source IP Filtering option to view only the threat source IP addresses that are mitigated by Security Director Insights.
Endpoint IP filtering—Select the Endpoint IP Filtering option to view only the endpoint IP addresses that are mitigated by Security Director Insights.
Search—You can search for data based on the mitigation status, threat source or target IP addresses, and detection date.
Enable mitigation—If mitigation is disabled for an IP address, select an event for which you want to enable mitigation and click Enable Mitigation. The Status column shows whether the enable task is successful.
Disable mitigation—If you want to disable mitigation for an IP address, select an event for which you want to disable mitigation and click Disable Mitigation. The Status column shows whether the disable task is successful or not.
