Enable Protect
Enabling Protect for users lets them access and see Protect data. Enabling Protect for servers lets applications use Protect to monitor and block attacks.
Note
If you enable Protect on servers with existing applications, restart the applications to have Protect take effect.
Before you begin
Go to Organization settings > Users and verify that you have permissions to access Protect data and settings.
For hosted customers, Contrast grants Protect permissions to organizations and user roles in the organization.
For on-premises customers, SuperAdmin, ServerAdmin, or System Administrator roles are required to grant Protect permissions for one or more organizations.
These roles can also configure which user roles have access to Protect data.
Ensure that you have licenses that you can apply to servers.
To enable Protect for users, an Organization Administrator role is required.
Let users access Protect data
Log in to Contrast.
Enable users to see and use Protect data:
In the user menu, select Organization Settings.
Select Users.
For each user who needs access to Protect data, turn on the Protect setting (
)To have the new setting take effect, tell users to log out of the Contrast web interface and log in again.
Enable Protect for servers
You can use configuration files, variables, or the Contrast web interface to configure the Protect setting. This procedure describes how to enable Protect in the Contrast web interface. YAML configuration and Environment variables describe how to use methods outside of the web interface to configure agent settings.
To configure a default Protect setting for new servers in selected environments:
If you use a method outside the Contrast web interface to configure the Protect setting for a specific server, that configuration overrides this default setting.
From the user menu, select Organization settings.
Select Servers.
Select an environment.
Under Protect, turn on the Protect setting.
Note
To automatically allocate licenses, an Organization Administrator or RulesAdmins role is required. This option is useful if you don't want to enable Protect for servers, one at a time.
Enable Protect for specific servers:
Select Servers in the header.
To enable Protect in the Contrast web interface, turn on the Protect setting (
). Use either of these methods:In the Servers list, turn on the setting in the Protect column.
In the Servers list, select a server name and in the Overview tab, turn on the Protect setting.
Note
If you use only the Contrast web interface to turn Protect on or off, the Protect setting for a specific server is green if ON and gray if OFF. You can change this setting in the Contrast web interface.
If you used a method external to the Contrast web interface to configure the setting for Protect (for example, an agent configuration file), the setting is green but disabled if ON and grey but disabled if OFF. You cannot change this setting in the Contrast web interface.
If the setting in the Contrast web interface is disabled, hover over the setting to see where it is configured. The order of precedence determines which setting Contrast uses as the effective configuration.
To verify that Protect is turned on for a specific server, in the Servers tab, select the server, select Overview and verify the Protect setting is green.
If one or more applications associated with the server are not configured to use Protect, a warning icon displays next to the Protect setting.
To determine if an application is using Protect on each server associated with it, go to the Applications page:
Select Applications in the header.
Select an application.
In the Overview tab, under each environment, if at least one server has Protect turned on, the bar next to the Protect setting indicates the Protect status for all servers associated with the application. A green bar represents the number of servers that are protected. A white bar represents the number servers that are not protected.
If no servers have Protect turned on, you see an Off icon (
).To see if the application is configured to use Protect for each server associated with it, select a section of the Protect setting bar to open a filtered view of the Servers list.
License behavior
Contrast applies Protect licenses automatically to servers when these conditions exist:
Protect is turned on for an organization.
Automatic application of Protect licenses is turned on for an organization and Protect is NOT enabled by a method external to the Contrast web interface (for example, an agent configuration file).
If Protect is enabled with a method external to the Contrast web interface, that effective configuration overrides the automatic licensing option in the Contrast web interface.
A server exists in one or more environments where automatic licensing is turned on.
If you also use the Protect setting in an agent configuration file, it overrides the license behavior in the following ways:
Protect is turned on in the agent configuration file
If Protect licenses are available when the application starts, you might notice the server is licensed for a very brief period of time. Contrast removes the license automatically as soon as the agent registers the application.
If no Protect licenses are available when the application starts, Contrast tries to apply a license to the server every time the agent communicates with Contrast.
Protect is turned off in the agent configuration file
If Protect licenses are available when the application starts, Contrast tries to apply a license to the server. When an agent registers an application with Contrast, it removes the license applied to the server.
If no Protect licenses are available when the application starts, Contrast doesn't apply a license to the server.