0

1 Product Description 2
1.1 Process Overview 2
1.2 Features 2
2 Registration 4
3 Login 5
4 Forgot Password 6
5 Account Linking 8
Cloud Security Posture Management and Cloud Attack Emulation 9
Amazon Web Services 10
Microsoft Azure 11
Kubernetes Security Posture Management 16
6 Global Dashboard 18
7 Cloud Security Posture Management 20
7.1 Overview 20
7.2 Assessment 22
7.2.1 Overview 22
7.2.2 Assessment Report 24
7.3 Inventory 28
7.4 Compliance 29
8 Cloud Attack Emulation 32
8.1 Overview 32
8.2 Attack 37
8.3 Scenario 39
8.4 MITRE ATT&CK Coverage 39
9 Kubernetes Security Posture Management 41
9.1 Overview 41
9.2 Compliance 42
9.3 Vulnerabilities 44
9.4 Inventory 46
10 Settings 47
10.1 Personal 47
10.2 Organization 48
11 Help 53

mitigant.io 1
1 Product Description
Mitigant is a cloud infrastructure security solution to securely manage the cloud infrastructure
hosted in the public cloud providers, such as Amazon Web Services (AWS), Google Cloud Platform
(GCP), Microsoft Azure (Azure), and Kubernetes. It automatically detects and remediates security
vulnerabilities in the cloud resources due to misconfigurations and compliance violations. It takes
inventory of available cloud resources in the cloud infrastructure and monitors for any changes
within the cloud infrastructure. Mitigant also verifies the security mechanisms implemented in the
cloud infrastructure to ensure it is resilient against possible cloud attacks.

1.1 Process Overview

First, Mitigant requires read-only access to the user’s cloud infrastructure to gather information
about it and its configurations without the privilege to access confidential resources, such as files
or virtual machines. The information on cloud infrastructure and its configurations is then securely
stored and analyzed for misconfigured and non-compliant cloud resources. Finally, the information
on the cloud infrastructure could be accessed in the platform to help the users get better security
visibility of the available cloud resources. Support for organizational cloud infrastructure e.g. AWS
Organizations would soon be added, in the meanwhile each Mitigant account is capable of holding
multiple AWS and Azure accounts which can be manually added.

1.2 Features

1. Cloud Security Posture Management (CSPM)

Mitigant detects and remediates possible security threats in the cloud infrastructure due to
misconfigured and non-compliant cloud resources with cloud security best practices and
standards available in the market, such as the Center for Internet Security. It takes inventory
of available cloud resources and their configurations across various regions and stores it as
the saved state of cloud infrastructure.

Meanwhile, Mitigant monitors and highlights any changes in the cloud infrastructure by
comparing the saved state and the latest state of cloud infrastructure. It also monitors the

mitigant.io 2
 compliance of cloud infrastructure with cloud security regulations and best practices based
on the latest security assessment report.

2. Cloud Attack Emulation

Mitigant verifies the readiness of cloud infrastructures against possible cloud attacks by
emulating cloud attack actions and scenarios inside the cloud, such as ransomware
attacks. It injects reversible security faults into the cloud resources based on the Security
Chaos Engineering approach and MITRE ATT&CK Framework to emulate cyberattacks on
the cloud. The cloud attack emulation run’s result could show the security vulnerabilities in
the cloud security strategy, how the cloud attack happened, and how to prevent it in the
future.

3. Kubernetes Security Posture Management (KSPM)

Mitigant detects and remediates possible security threats in the Kubernetes clusters due to
misconfigured and non-compliant resources with Kubernetes security best practices and
security regulations available in the market. It takes inventory of available resources in the
clusters and their configurations across various regions.

Mitigant monitors the compliance of Kubernetes clusters with Kubernetes security best
practices and security regulations based on the latest security assessment report. It also
analyses the images used by the Kubernetes cluster’s containers for security vulnerabilities
based on the image’s dependencies.

mitigant.io 3
2 Registration

1. Navigate to https://app.mitigant.io/signup.
2. Enter the requested information with a working email address and a strong password.
3. Accept the terms and conditions and click the Sign-Up button to finalize the registration
process.
4. Please check the email address for an email containing a registration verification link and
click the Verify Email Address button to confirm the registration.

NOTICE: Check the email's spam folder for the registration confirmation email from Mitigant. The
confirmation email will expire within 1 hour after it is sent; therefore, complete the verification
process before expiry.

mitigant.io 4
3 Login

1. Navigate to https://app.mitigant.io/login.
2. Enter the correct email address and password combination.
3. Click the Login button.

mitigant.io 5
4 Forgot Password

1. Navigate to https://app.mitigant.io/forgot.
2. Enter the e-mail address used for the Mitigant account and click the Send button.

3. A reset password confirmation email is sent to the specified email address. Click the Reset
Password button to confirm the reset password request.
4. Once the reset password request is confirmed, enter the email address with its new
password for the Mitigant account, and ensure the entered new password is before clicking
the Save button.

mitigant.io 6
 5. Ensure the reset password process is successful by logging into Mitigant using the email
address and the new password.

NOTICE: Check the spam folder for the reset password verification email. The verification email will
expire within 1 hour of being sent; therefore, complete the verification process before the expiry
period.

mitigant.io 7
5 Account Linking
After the successful first-time login to Mitigant, the Account Linking page will link the user's cloud account with
the Mitigant account. Ensure the cloud account used has sufficient privileges to create the necessary
credentials for Mitigant.

1. Select the initial feature to connect the first cloud account to Mitigant.

a. Cloud Security Posture Management: Mitigant gathers information on cloud

infrastructure and its configuration metadata through the cloud service provider’s
API. The cloud infrastructure is analyzed through Mitigant’s rule engine to detect
security vulnerabilities in the cloud and compared with the previous state of cloud
infrastructure to detect unwanted changes in the cloud. Mitigant requires read-only
permission to list the cloud resources and their configuration metadata without
permission to access confidential information.

b. Cloud Attack Emulation: Mitigant runs cloud attack emulation scenarios in the
cloud infrastructure by injecting reversible security faults into the cloud. Once the
emulation is finished running, Mitigant will automatically revert the changes made
during the emulation to the cloud’s previous state. Mitigant requires limited read
and write permission to list, create, modify, and delete the cloud resources and their
configuration metadata without permission to access confidential information.

mitigant.io 8
 c. Kubernetes Security Posture Management: Mitigant gathers information on the
Kubernetes cluster and its configuration metadata through the Mitigant agent
installed in it. The Kubernetes cluster is analyzed through Mitigant’s rule engine to
detect security vulnerabilities in the cluster and compared with the previous state of
the Kubernetes cluster to detect unwanted changes in the cluster. Mitigant requires
read-only permission to list the Kubernetes cluster’s resources and their
configuration metadata without permission to access confidential information.

2. Based on the selected feature, follow the instructions to connect Mitigant with the cloud
account.

Cloud Security Posture Management and Cloud Attack Emulation

If Cloud Security Posture Management or Cloud Attack Emulation is selected, enter the cloud
account name and select the cloud service provider before clicking the Next button. Based on the
selected cloud account provider, follow the instructions to connect the cloud account to Mitigant.

mitigant.io 9
Amazon Web Services

1. Click the Launch Stack button and follow the instructions on the AWS CloudFormation to
create an IAM Role automatically.

2. Once the process is finished, copy the ARN of the newly created IAM role and paste it to the
Account Linking page’s IAM Role ARN field with no extra space at the end. Click the Submit
button to submit and start the account linking process.

mitigant.io 10
 3. Mitigant will start resource discovery and assessment processes, which will take
approximately 30 minutes. In the meantime, the user could log out while the account linking
process is running or click the Minimize button to minimize the account linking window.
Once the process is finished, an email will be sent to notify the user, where the user can
then access the Global Dashboard page.

Microsoft Azure

1. Go to Microsoft Azure’s Active Directory service. Then, click on the App registrations option
on the left navigation bar.

mitigant.io 11
 2. In the App registrations menu, click on the New registration button. Enter the application
anime and select Accounts in this organizational directory only option. Then, click the
Register button to create a new application.

3. Click the API permissions option on the left navigation bar, and click the Add a permission
button. Then click the Microsoft Graph option and select the Application permissions
option. Search and select Directory.Read.All and Policy.Read.All permissions and click the
Add Permissions button. Finally, click the Grand admin consent button.

4. Go to Microsoft Azure’s Subscriptions page and click a subscription that wants to be

analysed. Take notice of the subscription ID. Next, click the Access control (IAM) option on

mitigant.io 12
 the left navigation bar. Next, click the Add dropdown button and select Add role assignment
option.

5. Search and select the Reader role, and in the Members section, select the User, group, or
service principal option. Click the Select members option and type the application’s name
to select it. Click the Review + assign button to finalise the change. Repeat the same step
for assigning an additional Security Reader role to the application.

6. Go to Microsoft Azure’s Active Directory service. Click on the App registrations option on
the left navigation bar and click on the newly created application. Take note of the
Application (client) ID, Object ID, and Directory (tenant) ID.

mitigant.io 13
 7. Click on the Certificates and secrets option on the left navigation bar and click the New
client secret button. Specify the secret’s name and validity duration, which is recommended
to be six months. Take note of the Value column of the newly created secret.

8. Copy the Application (client) ID, Subscription ID, Directory (tenant) ID, and Secret value to
the appropriate fields in the Mitigant’s account linking page. Then, click the Submit button
to submit.

mitigant.io 14
 9. Click the Submit button to submit and start the account linking process.

10. Mitigant will start resource discovery and assessment processes, which will take
approximately 30 minutes. In the meantime, the user could log out while the account linking
process is running or click the Minimize button to minimize the account linking window.
Once the process is finished, an email will be sent to notify the user, where the user can
then access the Global Dashboard page.

mitigant.io 15
Kubernetes Security Posture Management

1. Select the Get Started with Mitigant KSPM button to connect the Kubernetes cluster to
Mitigant.

2. An agent must be installed to connect the Kubernetes cluster to Mitigant. Copy the code in
the instructions and paste it into the cluster’s shell terminal to install the agent. Ensure that
the Kubernetes cluster’s Helm version is newer than 3.8.0. Once the agent has been
installed, click the Verify Installation button to start the account linking process.

mitigant.io 16
 3. Mitigant then tries to verify the agent is established correctly by establishing the connection
with the Kubernetes cluster through the installed agent. Once the verification is successful,
Mitigant will show the Global Dashboard page.

mitigant.io 17
6 Global Dashboard
The Global Dashboard page shows the overview of all cloud accounts connected to Mitigant.

1. Navigate to https://app.mitigant.io/dashboard or click the Dashboard icon on the left

sidebar.
2. The Your Environment card shows the type and number of cloud accounts connected to
Mitigant.
3. The Number of Findings card shows the total findings across all cloud accounts.

mitigant.io 18
 4. The Most Risky Findings card shows the top ten most critical findings across all cloud
accounts.
5. The MITRE ATT&CK Tactics card provides an overview of Cloud Attack Emulation’s cloud
attack emulation action covered by Mitigant based on the MITRE ATT&CK framework.
6. The Protected Resources by Account card shows the number of cloud resources scanned
by Mitigant based on the cloud service provider type.
7. The Cloud-Native Environments card lists the cloud accounts connected to Mitigant with
the overview of the last scan’s result and date. Clicking the cloud account will show detailed
information about the cloud account and Mitigant's features it uses. The Add More Cloud
Environment button will bring you to the Settings page’s Cloud-Native Environment section
to manage the cloud accounts connected to Mitigant.

mitigant.io 19
7 Cloud Security Posture Management
Mitigant’s Cloud Security Posture Management monitors and analyzes the current cloud security posture for
security vulnerabilities due to misconfigurations and compliance violations. This Section uses the Amazon
Web Services cloud account view as an example.

7.1 Overview

The Overview page shows the main overview of the cloud infrastructure and the information on the latest
security assessment run.

1. Navigate to https://app.mitigant.io/app/aws/overview for the overview of an Amazon Web

Services account, https://app.mitigant.io/app/azure/overview for the overview of a
Microsoft Azure account, or click the Dashboard icon under the Cloud Sec Assessment
menu on the left sidebar.
2. The Security Score card shows the overall security score of the cloud infrastructure.

mitigant.io 20
 3. The Top Most Risky Findings card shows the top 10 most severe findings detected in the
cloud infrastructure at the last security assessment.
4. The Top 10 Attack Emulations card shows the top 10 cloud attack actions recommended
to run in the cloud infrastructure to improve the cloud’s cyber resilience.
5. The Distribution of AWS Services card provides the distribution of available cloud
resources from various AWS services in all AWS regions.
6. The Findings by AWS Regions card provides the distributions of the findings generated
across AWS regions.
7. The Compliance card provides the compliance percentage of the selected cloud security
best practices and standards.

8. The Global Resource & Findings map shows the distribution of cloud resources available
and the generated findings across cloud regions.
9. The Findings by AWS Services card provides the distributions of the findings generated
across AWS services.

mitigant.io 21
 10. The Resource Summary section offers an overview of the currently available cloud
resources in the cloud account and how they compare with the latest secure state stored in
Mitigant.
11. The account number on the top presents the current cloud account currently shown in
Mitigant’s user interface. Clicking on the account number will allow you to navigate to other
cloud accounts connected to Mitigant.
12. The bell icon on the top shows the latest notifications on the Mitigant account, such as
notification that the assessment is finished or information on detected changes in the AWS
account.
13. Start a new assessment by clicking the Start Assessment button, which will take several
minutes. Once the assessment is finished, a notification will appear where it can access
the latest generated assessment report. The assessment could also be run on other pages
wherever the Start Assessment button appears.

7.2 Assessment

The Assessment page shows the historical information of the security assessments run over time.

7.2.1 Overview

The Overview page lists the generated security assessment reports over time.

mitigant.io 22
 1. For the overview of the cloud account’s assessment reports, navigate to
https://app.mitigant.io/app/aws/assessments for the Amazon Web Services account,
https://app.mitigant.io/app/azure/assessments for the Microsoft Azure account, or click
the Assessments option under the Cloud Sec Assessment menu on the left sidebar.
2. The Scores Timeline card progresses the security score from the security assessments
over time.
3. The Pass/Fail Findings card shows the comparison of the pass and fail findings generated
from the security assessments over time.
4. The last scan information tells when was the last security assessment run.
5. The Assessment page shows the total run assessments, the history of all the run
assessments, and the generated assessment reports.
6. Click the Refresh button to refresh the list of assessment reports and show the latest
progress on the latest assessment report currently running.
7. Click the View Findings button on an assessment report to show the complete result of the
previous run assessment.

mitigant.io 23
 8. The Identity Findings tab lists the findings related to the Identity and Access Management
(IAM) or equivalent services.

7.2.2 Assessment Report

The Assessment Report page shows the detailed result of the run assessment at a specific time. This page
uses the Amazon Web Services cloud account view as an example.

mitigant.io 24
 1. The Security Score card shows the overall security score of the cloud infrastructure at the
assessment time.
2. The Scanned Cloud Resources card shows the total cloud resources identified during the
assessment.
3. The Findings Statistics card shows the statistical information of the findings in the
assessment.
a. The Risky Findings card shows the total number of findings generated during the
assessment.
b. The New Findings card shows the number of new findings compared to the previous
assessment report.
4. The Findings Severity Distribution card shows the statistical distribution of the generated
findings based on their severity levels, from Low to Critical.
5. The Findings by AWS Services (findings 10) card shows the statistical distribution of AWS
services affected by the generated findings.
6. The Findings by AWS Regions (Top 10) card shows the statistical distribution of AWS
regions affected by the generated findings.

mitigant.io 25
 7. Click the Download This Report button to automatically generate and download the
assessment report. There are two types of reports available:
a. Comprehensive Report: The report will contain the full information about the
assessment report, including the statistics, the findings, and the remediation steps.
b. Executive Report (Simplified): The report will contain only the executive summary
about the assessment report, such as the statistics.

8. The assessment report contains the finding table, which contains the passed and failed
findings of the cloud resources. The passed finding means the cloud resource fulfills the
security rule check, while the failed finding means the cloud resource does not satisfy the
security rule check.
a. Clicking All Findings tab will show all findings with all severity types in the finding
table.
b. Clicking Risky Findings tab will show all findings with Low, Medium, High, and
Critical severities in the finding table.
c. Clicking Non-Risky Findings tab will show all findings with None severity in the
finding table.
9. The finding table can be filtered by AWS services, regions, cloud resource types, and
severity. It can also be sorted by clicking a column heading.
10. Expand one of the findings in the finding table to see detailed information about each
finding, including its severity level and how to remedy the finding.
11. Findings could be ignored so that they will not appear in future security assessments by
clicking the Ignore button for each finding and specifying the duration for which the finding
will be ignored. In addition, the process can ignore individual or multiple findings as a bulk.

mitigant.io 26
 12. Click the View Risk Accepted button to see the list of findings as the accepted risks.

13. The Risks Accepted interface allows the management of the list of findings as accepted
risks that are not shown in future assessment reports.
a. Current Assessment tab shows the accepted risks not shown in the selected
assessment report.
b. All Accepted Risks tab shows all accepted risks not shown in all assessment
reports.
14. The Accepted Findings section shows the total number of all accepted risks and their
distribution based on the severity levels.
15. The accepted risk could be reverted to appear in future assessments by clicking the Revert
button.
16. Click the View Active Findings button to see the list of the active findings in the selected
assessment report.

mitigant.io 27
7.3 Inventory

The Inventory page shows the available cloud resources in various cloud regions and the changes happening in
the cloud resources (Drift) by comparing the Cloud State (the latest state of cloud infrastructure) against the
Expected State (the cloud infrastructure’s state saved in Mitigant).

1. For the overview of cloud account’s infrastructure information, navigate to

https://app.mitigant.io/app/aws/aps for Amazon Web Services account or click on the Adv.
Posture Security option under the Cloud Sec Assessment menu on the left sidebar.
2. The Drifts by AWS Service card shows the overview of the drifts in the cloud resources by
comparing the number of resources in the Cloud State against the Expected state.
3. The Drift by Type section shows the statistics of the drift types happening in the cloud
infrastructure.

mitigant.io 28
 4. The Cloud Resources tab section shows the available cloud resources across various
cloud services in all regions.

a. Clicking one of the cloud resource types in the horizontal scrollbar will show all the
available cloud resources of the selected cloud resource type.
b. Clicking one of the cloud resources will show the detailed information of the
selected cloud resource.

5. The Drifted Resources button shows the newly created, deleted, or modified cloud
resources in the cloud infrastructure (Drift). It compares the latest state of cloud
infrastructure retrieved from the cloud (Cloud State) against the state of cloud
infrastructure stored in Mitigant (Expected State).
a. The drift can be filtered based on the cloud service, cloud region, resource type, and
the drift type (New - newly created cloud resource, Modified - modified cloud
resource’s configuration and Deleted - newly deleted cloud resource).
b. The information on the detected drift in cloud infrastructure will be highlighted.
c. Click the Run Drift Detection button to run the drift detection process manually.

mitigant.io 29
7.4 Compliance

The Compliance page monitors the compliance of cloud infrastructure with cloud security best
practices and standards based on the latest security assessment report.

1. For the overview of cloud account compliance with cloud security regulations and best
practices, navigate to https://app.mitigant.io/app/aws/compliance for Amazon Web
Services account, https://app.mitigant.io/app/azure/compliance for Microsoft Azure

mitigant.io 30
 account, or click on the Compliance option under the Cloud Sec Assessment menu on the
left sidebar.
2. The Reports tab presents the compliance overview of the cloud account based on the
latest security assessment report.
3. The Summary section shows the number of scanned cloud resources and compliant and
non-compliant cloud resources based on the latest security assessment report.
4. Each compliance card represents a cloud security best practice or standard containing the
compliance percentage of the cloud infrastructure, the total passed controls, and the total
failed controls. Click the star icon in the selected compliance card to show the card's
compliance score in the dashboard.
5. Clicking a compliance card will affect the Findings table, showing the failed findings
according to the selected compliance card from the latest security assessment report.

6. The Standards tab lists the security regulations and best practices supported by Mitigant

mitigant.io 31
8 Cloud Attack Emulation
Mitigant’s Cloud Attack Emulation automatically and safely emulates cloud attack actions or scenarios by
injecting reversible security faults into the cloud infrastructure to verify the cloud’s cyber resilience against
cyberattacks. This Section uses the Amazon Web Services cloud account view as an example.

8.1 Overview

The Overview page shows the general statistics of the emulated cloud attacks run by Mitigant’s Cloud Attack
Emulation and the information on the supported cloud attack actions and scenarios.

1. To overview the cloud account’s Cloud Attack Emulation, navigate to

https://app.mitigant.io/app/aws/emulation/overview or click the Overview option under the
Attack Emulation menu on the left sidebar.

mitigant.io 32
 2. The Attack by Status card shows the result distribution of the cloud attack emulation runs.
3. The Attacks by AWS Service card shows the distribution of the AWS services affected by
the cloud attack emulation runs.
4. The Attacks by ATT&CK Tactics card shows the distribution of the MITRE ATT&CK tactic
techniques used by the cloud attack emulation runs.
5. The Top 10 Attacks card shows the distribution of the cumulative counts of cloud attack
emulation type.
6. The Attacks by Type card shows the distribution of the types of cloud attack emulation
runs.

7. The Attacks Hub section lists the possible cloud attack emulation that can be run in the
cloud infrastructures. There are two types of available cloud attack emulation:
a. Attack Action: A single cloud attack emulation focusing on a cloud service or
resource type.
b. Attack Scenario: A combination of a maximum of three attack actions that will be
emulated consequently.
8. The Attack Actions tab lists attack actions categorized by cloud service types. Expanding
on the attack action card will show detailed information about the cloud attack action.

mitigant.io 33
 9. The Attack Scenarios tab shows the list of available attack scenarios. There are two attack
scenario types: Managed, which is an attack scenario preset available from Mitigant, and
Custom, which is a custom attack scenario created by Mitigant users. Clicking the attack
scenario card will show detailed information about the cloud attack scenario.

10. The Attack Recommendations tab shows the recommended cloud attack simulations
Mitigant users can run. Clicking the Run Attack button will emulate the selected attack
action/scenario.

mitigant.io 34
 11. Click the Start Attack button to emulate cloud attack(s) into the cloud infrastructure.
a. Select what type of cloud attack will be emulated by clicking the Attack Actions or
Attack Scenarios tab.
b. Double-click or drag and drop the selected attack action or attack scenario tab into
the Attack Steps section.
c. Enter the objective or the hypothesis of the emulated cloud attack(s) in the Attack
Objective field.
d. Click the Start Attack button to launch the cloud attack emulation.

mitigant.io 35
 12. Once the cloud attack emulation is finished running, the attack report will be generated
automatically.
a. Information on how the attack action is executed can be accessed by clicking the
Attack Steps tab.
b. The remediation steps to prevent or remediate the attack action can be accessed by
clicking the Attack Remediation tab.
c. The cloud log evidence of the emulated attack action happening in the cloud can be
accessed by clicking the Attack Evidence tab.

mitigant.io 36
 d. The Report Summary section shows the summary information of the emulated
cloud attack action(s) or scenario.
e. The information entered in the Attack Objective field before the cloud attack
emulation is launched will be shown in the Hypothesis text field, where it can be
edited by clicking the Edit button and Save button to save the hypothesis.
f. Based on the result of the cloud attack emulation run, the observation of the attack
can be written into the attack report by typing it into the Observations text field,
where it can be edited by clicking the Edit button and Save button to save the
hypothesis.
g. A background recovery process is triggered after 5 minutes to roll the resources
back to the steady state. The rollback sequence manually by clicking on the Recover
Attack button.
h. The Attack Path Analysis section shows the attack path diagram of the cloud attack
emulation run. Click the Download Graph button to download the attack path
diagram as an image file.

8.2 Attack

The Attack page shows the overview of the launched attack action(s) and the list of attack action reports.

mitigant.io 37
 1. To overview the cloud account’s attack action reports, navigate to
https://app.mitigant.io/app/aws/emulation/attack or click the Attack option under the
Attack Emulation menu on the left sidebar.
2. The Attack History card shows the graphical information of the attack action runs in the
past few months.
3. The Attack Actions Reports section shows the list of the attack action reports.
4. Click one of the attack action reports to access the previous run attack action(s)
information.
a. Click the View More Details button to access the full attack report of the attack
action run.
b. Click the Rerun button to emulate the attack action(s) again.
c. Click the Recover Attack button to manually recover the cloud state before the
attack action is launched.

mitigant.io 38
8.3 Scenario

The Scenario page lists the attack scenario(s) and attack scenario reports.

1. To overview the cloud account’s attack scenario reports, navigate to

https://app.mitigant.io/app/aws/emulation/scenario or click the Scenario option under the
Attack Emulation menu on the left sidebar.
2. Clicking the Attack Scenarios tab shows the list of available attack scenarios.
3. The Attack Scenario Reports tab lists the generated attack scenario reports. Click one of
the attack action reports to access the information from the previous run attack action(s).
a. Click the View More Details button to access the full attack report of the attack
scenario run.
b. Click the Rerun button to emulate the attack scenario again.
c. Click the Recover Attack button to manually recover the cloud state before the
attack scenario is launched.

8.4 MITRE ATT&CK Coverage

This MITRE ATT&CK Coverage shows the attack techniques that have been covered by Mitigant’s Cloud Attack
Emulation based on the MITRE ATT&CK framework.

mitigant.io 39
 1. To overview the matrix of MITRE ATT&CK framework’s attack technique covered by
Mitigant, navigate to https://app.mitigant.io/app/aws/security/mitre or click the MITRE
ATT&CK Coverage option under the Attack Emulation menu on the left sidebar.
2. The matrix shows the progress of MITRE ATT&CK technique implementation covered by
Mitigant.
a. The green card symbolizes the attack technique that Mitigant has already
implemented.
b. The blue card symbolizes the attack technique not yet implemented by Mitigant.

mitigant.io 40
9 Kubernetes Security Posture Management
Mitigant’s Kubernetes Security Posture Management (KSPM) monitors and analyzes the current Kubernetes
cluster security posture for security vulnerabilities due to misconfigurations and compliance violations.

9.1 Overview

The Overview page shows the high-level security posture of the Kubernetes clusters monitored by Mitigant.

1. To overview the cloud account’s Kubernetes Security Posture Management, navigate to

https://app.mitigant.io/app/k8s/overview or click the Overview option under the KSPM
menu on the left sidebar.

mitigant.io 41
 2. The Kubernetes Clusters section lists Kubernetes clusters connected to the Mitigant.
Clicking the Kubernetes cluster card will affect the other cards to show the information of
the selected cluster.
3. The Compliance Timeline card shows the compliance of the Kubernetes cluster with
security standards and best practices over time.
4. The Top 10 Failed Controls card shows the top 10 controls that the Kubernetes cluster
does not pass based on its severity level.
5. The Vulnerabilities Timeline card shows the number of vulnerabilities detected in the
Kubernetes cluster over time.
6. The Top 10 Severe Vulnerabilities card shows the top 10 most severe findings detected in
the Kubernetes cluster.
7. The Distribution of Resources card shows the distribution of resources available in the
Kubernetes cluster.
8. The Top 10 Resources card shows the top 10 resources in the Kubernetes cluster based on
the number of resources detected.

9.2 Compliance

The Compliance page shows the compliance of Kubernetes clusters with security regulations and best
practices.

mitigant.io 42
 1. To overview the Kubernetes cluster’s compliance with security regulations and best
practices, navigate to https://app.mitigant.io/app/k8s/compliance or click the Compliance
option under the KSPM menu on the left sidebar.
2. The Summary section shows the statistics of the security assessment done to the
Kubernetes clusters.
3. Kubernetes clusters are listed in the table that shows the information on the latest security
assessment for each cluster.
4. Click the View Report button to access the latest security assessment report.

5. The heading shows the basic information of the Kubernetes cluster’s assessment report.
6. The statistical information of the Kubernetes cluster’s assessment report consists of the
number of total failed findings and the distributions of findings.
7. Clicking the compliance card will show the list of findings according to the selected
compliance.
8. The findings can be filtered with various filter options, such as severity level, finding type,
and namespace.
9. The detailed information of the finding can be seen by expanding on each finding.

mitigant.io 43
9.3 Vulnerabilities

The Vulnerabilities page shows the containers' vulnerabilities in the Kubernetes clusters based on the
dependencies used in the images for the containers.

1. To overview the Kubernetes cluster’s container vulnerabilities, navigate to

https://app.mitigant.io/app/k8s/vulnerabilities or click the Vulnerabilities option under the
KSPM menu on the left sidebar.
2. The header section shows the statistics of the detected vulnerabilities in the containers of
all connected Kubernetes clusters.
3. The Vulnerabilities Timeline section shows the number of container vulnerabilities
detected over time.

mitigant.io 44
 4. The information on the vulnerabilities in the container can be filtered with various filter
options.

5. Clicking on one of the items listed in the table will show detailed information about the
vulnerability in the container.
a. The header section shows the statistics of the detected vulnerabilities in the
selected container.
b. The information on the selected container is shown to help distinguish the
container.
c. Click the Add to Registry Scan button to add the container to the registry scan of
the Kubernetes cluster.

mitigant.io 45
 d. The Vulnerabilities Timeline section shows the number of container vulnerabilities
detected in the Kubernetes cluster over time.
e. The list of the detected vulnerabilities in the container is displayed in the table.
Expanding on the item list will show the information on the detected vulnerability,
whereas clicking the name will redirect you to the third-party vulnerability
information page.

9.4 Inventory

The Inventory page lists available resources in the Kubernetes clusters.

1. To overview the Kubernetes cluster’s resource inventory, navigate to

https://app.mitigant.io/app/k8s/inventory or click the Inventory option under the KSPM
menu on the left sidebar.
2. The Kubernetes Resources Summary section shows the statistical information on the
various resource types in the Kubernetes cluster.
3. The information on the Kubernetes cluster’s resources can be filtered with various filter
options.

mitigant.io 46
10 Settings
The Settings page allows Mitigant admins and users to manage and personalize Mitigant’s
organization and user account.

10.1 Personal

The Personal Settings page allows all Mitigant user types to personalize their Mitigant accounts.

1. To access the personal settings of the Mitigant user account, navigate to

https://app.mitigant.io/app/settings/personal or or click the Personal option under the
Settings menu on the left sidebar.
2. The Account option shows the detailed information of the Mitigant user account. Click the
Send Feedback button to send feedback for Mitigant.

mitigant.io 47
 3. The Password option allows you to change the password of the Mitigant user account.
a. Enter the current password and the new passwords twice in the respective text
fields.
b. Click the Change Password button to apply the changes.

4. The Theme option allows you to change the theme preference to either a light theme, dark
theme, or follow the system theme.

10.2 Organization

The Organization Settings page allows only the Mitigant user account with administrator role to
personalize the Mitigant organization account.

mitigant.io 48
 1. To access the organizational settings of the Mitigant user account, navigate to
https://app.mitigant.io/app/settings/organization or click the Organization option under
the Settings menu on the left sidebar.
2. The Company Detail tab allows Mitigant organization administrators to manage the
organization's information.
a. Enter the information of the organization in the corresponding fields.
b. Click the Save Changes button to apply the changes.

3. The CSPM option allows to customize how the security assessments are run.

mitigant.io 49
 a. Select how often the scheduled security assessments are run by selecting the
option from the Assessment Frequency dropdown box.
b. Click the Save button to apply the changes.

4. The Attack Emulation option allows you to customize how the Cloud Attack Emulation
platform behaves. You can enable or disable auto recovery after Cloud Attack Emulation
runs to the steady state.

mitigant.io 50
 5. The Cloud-Native Environment Management option manages the cloud-native
environments connected to Mitigant.
a. To connect a new cloud-native environment to Mitigant, select the cloud provider
card of the cloud-native environment and follow the instructions.
b. Click the Star icon to make the cloud-native environment your favorite.
c. Click the Manage button to update the cloud-native environment’s credentials
access to Mitigant or disconnect it from Mitigant.

6. The Integrations option manages to integrate third-party applications and services to

Mitigant, such as Slack, Jira, Jenkins, or Github. The information or notifications generated
by Mitigant, such as assessment reports or findings, will be delivered to the integrated
third-party application and services.
a. Click on the third-party application/service icon that wants to be integrated with
Mitigant. A prompt will appear asking for authorization for Mitigant to be integrated
into the selected application/service.
b. The integrated third-party applications and services list can be seen in the
Integration List section. The integrated third-party application and service could also
be removed by clicking the Delete button.

mitigant.io 51
 7. The User Management option manages the Mitigant user accounts within the same
organization.
a. Click the Add New User button to add a new Mitigant user account and specify its
account type.
b. Click the Resend Invite button to resend the invitation to the newly created Mitigant
user account to join the organization.
c. Click the Delete button to delete and remove the Mitigant user account from the
organization.

mitigant.io 52
11 Help
The Help page provides the answers to the questions by Mitigant users and further information about Mitigant.

1. Navigate to https://app.mitigant.io/faq or click on the Help option on the left sidebar.

2. The Frequently Asked Questions section covers multiple questions from various topics that
can be accessed by clicking the topic and tab and expanding the question to reveal the
answers.
3. The Blog section provides the latest blog articles about Mitigant and the latest information
about cloud security.

mitigant.io 53
mitigant.io 54