🎇Mitigations

Overview

The Mitigation page displays a history of all actions you have taken within Arnica. If you have set Arnica to automatically mitigate excessive permissions, Arnica’s automated actions will be displayed here. Each Mitigation event is described including the assets included in the action, the action taken, and the user who mitigated.

Reversing Mitigations

These Mitigations can be reversed by selecting the reverse icon. The exact steps taken to reverse a Mitigation will vary based on the original Mitigation action and are subject to the user defined policy settings within the policy page, but in all cases, the purpose of Mitigation reversal is to return the configuration or permissions to their state prior to mitigating. Note that Arnica Mitigations are taken to reduce risks within your organization, and that reversing a Mitigation could result in re-introduction of a previously corrected risk.

Important to mention that permissions can be provisioned via self-service, as defined in the Self-Service section in the Policy page. The use case for reversing a Mitigation is rare, and should be used as a break-glass solution only.

The following elements will be displayed within the Mitigation page:

Resource:

The resource column displays the asset (e.g. repository, branch) which has been impacted by the mitigation.

Mitigation Status:

This column will display the status of mitigation and will update in real time as the Mitigation task is completed. This status can display the following options:

  • In Progress (Arnica is currently processing the mitigation)

  • Mitigated (Mitigation complete)

  • Awaiting pull request approval (Mitigation task included creating a pull request that must be authorized)

  • Reversed (Mitigation was reversed)

Mitigation Action:

Displays the action taken at the time of Mitigation, also defined as the action that will be undone if the mitigation is reversed.

Users Losing Permissions:

All users or groups which will have their permission level reduced from the excessive level.

Users Keeping Permissions:

All users will retain the existing level of access. If all users have excessive access, this column will display “Admins Only”, suggesting that users with Admin or Maintain permissions will be the only contributors who retain the associated level of access.

If an identity or a team is added to the exceptions list (click on any identity or team and select "create exception") and a Mitigation action takes place, the identity or team will appear in this section as well.

Mitigated By

Lists the member who Mitigated the risk within the Arnica. This will display the email of the user who acted, or display “Arnica” if the mitigation task was automated.

Created

This column will display the original date of Mitigation within the Arnica tool. Updated:

This column will display the most recent date of update for the given Mitigation. This date will match the create date for all instant mitigations but may differ for Mitigations that required follow-up actions such as the authorizing of a Pull Request.

Reverse:

This icon will prompt the system to reverse all changes made in this Mitigation.

Last updated