Overview
The Grip Posture Management module is designed to identify and address security gaps in your organization's most critical application configurations.
It provides a comprehensive view of app security posture, highlighting misconfigurations, prioritizing critical gaps, and offering mitigation steps. The module proactively minimizes risk by continuously monitoring app configurations and ensuring alignment with security best practices and compliance requirements.
SaaS Security Posture Management page
Click on Posture » Posture Management from the navigation menu.
The Posture Management page includes a summary and graphs that offer a quick overview of your SSPM status.
At the top of the page, three quick-view pie charts are displayed.
General Posture Score (1) - Displays an overview of the number of pass/fail policies
Lowest Scoring Tenants (2) - A summary pie chart of your connected tenants with the weakest scores helps you prioritize remediation efforts.
Top Failed Security Domains (3) - Displays the domain in which you have the most failed policies.
Under the Posture Checks tab (4), all posture checks are consolidated into a single, unified view across multiple apps and tenants.
It includes a centralized, filterable, and exportable table for all checks. This makes it simple to compare posture across tenants, apps, domains, and modules. Additionally, it provides quick access to the relevant tenant context, streamlining investigations.
Under the Drift Audit tab (5), you will find the audit for posture check changes.
Every posture transition is monitored, capturing what changed and when. This offers clear visibility into configuration changes across SSPM SaaS applications and addresses gaps where Pass/Fail posture shifts previously happened. It is crucial for audits and investigations.
Manage Tenant
On the Manage Tenants tab, you will see the list of Tenants and applications you added to your posture management.
Clicking on a Tenant will open it and enable you to view and manage its policies.
The default view displays High Severity Failed Policies (1), but you can select other filters to view only failed policies, pending, or all policies regardless of status.
Use the column headers (2) to organize the information by domain, modules, or other criteria.
In the Status column (3), you'll see whether the policy has Passed, Failed, or if it's "Undetectable" when Grip cannot assess it via API.
Clicking the menu (4) enables you to perform quick actions: view the policy, send a request to review, or create a ticket.
Note.
Policies are updated daily. The last update time is displayed at the top right. To perform a manual sync, click on “Sync Policies Status.”
View a policy
For each policy side panel, you can send the failed policy to the primary contact, power user, first known user (5), and create a Jira ticket (6) from that location.
We provide detailed information, including the policy Overview (7), recommended Mitigation steps (8), and Compliance details (9).
You can open or view a related Jira ticket from the Ticket tab (10).
The policy Status and Severity can be modified.
When changing a policy’s “Status” or “Severity,” you can add a comment describing the reason for the change (7).
Note that both can be undone by clicking the “Revert” icon (8).Clicking “Revert” will change the policy status to the latest automatically detected status
Send failed SSMP policies to application owners for resolution
If you do not own the app with the failed policy, you can request that the owner review and resolve the issue that caused it to fail.
Click on the policy and then on the “Send Request” button.
Select the contact to whom you want to send the policy. This can be the primary contact, power user, first known user, or any other contact you choose.
Click “Send.”
The recipient will receive an email from Grip requesting a review of a “misconfiguration in the app."
The email will also include recommendations for resolving the issue.
Policies that require a manual review include a web form where the app admin can indicate the policy's status and provide an auditable comment.
.png?sv=2022-11-02&spr=https&st=2026-02-05T16%3A45%3A51Z&se=2026-02-05T16%3A58%3A51Z&sr=c&sp=r&sig=nG5Oij8huX2EYGZtbdBZsdzLJPDDTj7HpH7Wi2s%2FUaE%3D)