How to Monitor Mitigation
Using the Mitigation page, you can view the list of endpoints and threat sources that are mitigated by Security Director Insights. To access this page, select Monitor > Insights > Mitigation. You can select an event and disable mitigation if it is enabled, or enable mitigation if it is disabled, as shown in Figure 1.
You can mitigate threat source IP addresses through ATP Cloud or Policy Enforcer. You must configure ATP Cloud or Policy Enforcer to enable the mitigation. For more information about mitigation settings, see Configure Mitigation Settings.
You can perform the following actions from the Mitigation page:
Source IP filtering—Select the Source IP Filtering option to view only the threat source IP addresses that are mitigated by Security Director Insights.
Endpoint IP filtering—Select the Endpoint IP Filtering option to view only the endpoint IP addresses that are mitigated by Security Director Insights.
Search—You can search for data based on the mitigation status, threat source or target IP addresses, and detection date.
Enable mitigation—If mitigation is disabled for an IP address, select an event for which you want to enable mitigation and click Enable Mitigation. The Status column shows whether the enable task is successful.
Disable mitigation—If you want to disable mitigation for an IP address, select an event for which you want to disable mitigation and click Disable Mitigation. The Status column shows whether the disable task is successful or not.