Technical Capabilities - Platform Wide
Which cloud providers does the Mitigant Platform support?
All Products (CSPM, KSPM, CAE):
- Amazon Web Services (AWS)
- Microsoft Azure
KSPM Additionally Supports:
- Self-hosted Kubernetes clusters (any distribution)
- Managed Kubernetes services (EKS, AKS, GKE)
- OpenShift, Rancher, K3s, MicroK8s
Multi-Cloud Capabilities:
- Single platform for all cloud providers
- Unified reporting and dashboards
- Cross-cloud security policies
- Consistent compliance framework
Learn more: Feature Release: Cloud Attack Emulation for Azure
Does the Mitigant Platform require agents?
No. All products are completely agentless:
CSPM:
- API-based monitoring
- No agents on VMs or containers
- Read-only access via cloud provider APIs
KSPM:
- Connects to Kubernetes API
- No DaemonSets or sidecars
- No performance impact on workloads
CAE:
- API-driven attack execution
- No software installation required
- Works through cloud service interfaces
Benefits of agentless architecture:
- Faster deployment (minutes, not weeks)
- No maintenance overhead
- No compatibility issues
- Works equally well for ephemeral and persistent infrastructure
- No performance impact on production workloads
- Reduced attack surface
How does the Mitigant Platform integrate with our SIEM?
The Mitigant Platform provides multiple integration options:
Event Log Export (All Products):
- Export security findings to your SIEM
- CAE automatically retrieves attack telemetry
- CSPM/KSPM export misconfiguration alerts
- Standard formats (JSON, Syslog)
Microsoft Sentinel Integration (CAE):
- Deep integration with Microsoft Sentinel
- Attack telemetry flows directly into Sentinel for analysis
- Bi-directional integration for enhanced detection and response
Learn more: Ultimate Combo: Cloud Attack Emulation meets Microsoft Sentinel
Sigma Rules (CAE):
- For each attack, Mitigant provides corresponding Sigma rules
- Standardized detection rules can be copied to any SIEM
- Saves time for detection engineers
- Helps remediate failed or misconfigured detection systems
Learn more: Cloud Attack Emulation & Detection Engineering: A Match Made in Heaven
Notification Integrations (All Products):
- Slack
- Microsoft Teams
- Jira
- PagerDuty
- Webhooks for custom integrations
API Access (All Products):
- RESTful API for programmatic access
- Integration into CI/CD pipelines
- Custom workflows and automation
- Attack-as-Code support (CAE)
What permissions does the Mitigant Platform need?
Mitigant follows the principle of least privilege, and requirements vary by product:
CSPM Permissions (Read-Only):
- Discover and inventory resources
- View cloud configurations
- Monitor for suspicious activities
- Examples: ec2:Describe*, s3:GetBucketPolicy, iam:List*
KSPM Permissions (Read-Only):
- Access to Kubernetes API
- Read cluster configurations
- View pod and deployment specs
- No write permissions required
CAE Permissions (BYOR, admin, and non-admin roles):
- You define the permissions through BYOR
- Controlled write permissions scoped to specific resources you authorize
- You can restrict by tags, accounts, regions, services, or resource types
- See the BYOR section below for detailed configuration options
Customization Options (CAE with BYOR):
- Restrict by resource tags: Only allow attacks on resources tagged.
- Restrict by account: Provide access only to non-production AWS accounts or Azure subscriptions
- Restrict by region: Limit operations to specific geographic regions
- Restrict by service: Grant access only to specific cloud services (e.g., S3 and EC2, but not RDS)
- Restrict by resource type: Allow access to VMs but not databases
- Set budget limits: Use IAM conditions to enforce cost controls
- Time-based restrictions: Implement time-of-day or maintenance window constraints
Implementation:
- Mitigant provides example IAM policies during onboarding
- You can modify templates to match your security requirements
- CloudFormation templates include documented permissions
- All required permissions are transparently listed—no hidden access
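One way to review a customer-defined emulation role before handing it over, as an added example (not Mitigant's code or one of its templates): the check flags every Allow statement that grants non-read actions without both a resource-tag and a region condition. The sample policy is constructed, and the tag key `attack-emulation`, its value, and the region are hypothetical.

```python
import json

# Constructed sample policy for a customer-defined emulation role (not a Mitigant
# template). The tag key/value and the region are hypothetical.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "ReadInventory", "Effect": "Allow",
   "Action": ["ec2:Describe*", "iam:List*"], "Resource": "*"},
  {"Sid": "ScopedWrite", "Effect": "Allow",
   "Action": ["ec2:StopInstances", "ec2:StartInstances"],
   "Resource": "arn:aws:ec2:*:*:instance/*",
   "Condition": {"StringEquals": {
     "aws:ResourceTag/attack-emulation": "allowed",
     "aws:RequestedRegion": "eu-central-1"}}},
  {"Sid": "UnscopedWrite", "Effect": "Allow",
   "Action": "s3:PutBucketPolicy", "Resource": "*"}
]}
""")

READ_PREFIXES = ("describe", "get", "list")  # heuristic for read-only action names
# Only operators that require a match count as scoping; negated ones do not.
POSITIVE_OPERATORS = ("StringEquals", "StringLike")

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_read_only(action):
    # "ec2:Describe*" -> "describe*"; a bare "*" has no name part and counts as write.
    return action.partition(":")[2].lower().startswith(READ_PREFIXES)

def condition_keys(stmt):
    cond = stmt.get("Condition", {})
    return {k.lower() for op in POSITIVE_OPERATORS for k in cond.get(op, {})}

def unscoped_write_statements(policy):
    """Return (sid, missing_scopes) for Allow statements with write actions."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # A statement without "Action" (i.e. one using NotAction) is treated as "*".
        if all(is_read_only(a) for a in as_list(stmt.get("Action", "*"))):
            continue
        keys = condition_keys(stmt)
        missing = [name for name, ok in (
            ("tag", any(k.startswith("aws:resourcetag/") for k in keys)),
            ("region", "aws:requestedregion" in keys)) if not ok]
        if missing:
            findings.append((stmt.get("Sid", "<no Sid>"), missing))
    return findings

print(unscoped_write_statements(SAMPLE_POLICY))
```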




