Enable Protect

Enabling Protect for users lets them access and see Protect data. Enabling Protect for servers lets applications use Protect to monitor and block attacks.

Note

If you enable Protect on servers with existing applications, restarting the applications is required for Protect to take effect.

Before you begin
  • Go to Organization settings > Users and verify that you have permissions to access Protect data and settings.

    • For hosted customers, Contrast grants Protect permissions to organizations and user roles in the organization.

    • For on-premises customers, SuperAdmin, ServerAdmin, or System Administrator roles are required to grant Protect permissions for one or more organizations.

      These roles can also configure which user roles have access to Protect data.

  • Ensure that you have Protect licenses that you can apply to servers.

  • To enable Protect for users, an Organization Administrator role is required.

Steps
  1. To configure the Protect settings in the Contrast web interface, log in to Contrast.

  2. Enable users to see and use Protect data:

    1. In the user menu, select Organization Settings.

    2. Select Users.

    3. For each user who needs access to Protect data, turn on the Protect setting ( Image shows Protect setting turned on )

    4. To have the new setting take effect, tell users to log out of the Contrast web interface and log in again.

  3. Enable Protect on servers:

    Note

    To automatically apply Protect licenses for all new servers, an Organization Administrator or RulesAdmins role is required. This option is useful if you don't want to enable Protect for servers, one at a time.

    1. Select Servers in the header.

    2. Select a server.

    3. To enable Protect in the Contrast web interface, turn on the Protect setting ( Image shows Protect setting turned on ). Use any of the these methods:

      • Turn on the setting in the Protect column of the list of servers.

      • Select the server name and in the Overview tab, turn on the Protect setting.

      • Under Organization settings, select Servers, select an environment, and turn on the Protect setting.

      Important

      The Protect setting in an agent configuration file overrides the setting from the Contrast web interface.

  4. To verify that Protect is turned on for a specific server, in the Servers tab, select the server and then select Overview.

    If one or more applications that the server is hosting are not configured to use Protect, a warning icon displays next to the Protect setting.

    This image shows the setting for Protect turned on with a warning icon

  5. To determine if an application is using Protect on each server hosting it, go to the Applications page:

    1. Select Applications in the header.

    2. Select an application.

    3. In the Overview tab, under each environment, check that the Protect status is On.

      The number of servers hosting the application that have Protect turned on displays next to the Protect status in the format of x of y (for example, 11 of 17)

    4. To see if the application is configured to use Protect for each server hosting it, select the Protect status ( ProtectServerStatus.png ).

      If the application is not configured to use Protect on a specific server, a warning icon displays next to the server name.

      Image shows that an application is not configured for Protect on a specific server
  6. (Optional) Configure an application to use Protect:

    1. Update the Protect setting in the agent's configuration file to true.

    2. Restart your application to have Protect take effect.

      Once the application restarts, Contrast starts monitoring attacks, blocking attacks, and displaying attack data in the Contrast web interface.

    Important

    The Protect setting in the agent configuration file overrides the settings from the Contrast web interface.

License behavior

Contrast applies Protect licenses automatically to servers when these conditions exist:

  • Protect is turned on for an organization.

  • Automatic application of Protect licenses are turned on for an organization.

  • A server exists in one or more environments where automatic licensing is turned on.

If you also use the Protect setting in an agent configuration file, it overrides the license behavior in the following ways:

  • Protect is turned on in the agent configuration file

    • If Protect licenses are available when the application starts, you might notice the server is licensed for a very brief period of time. Contrast removes the license automatically as soon as the agent registers the application.

    • If no Protect licenses are available when the application starts, Contrast tries to apply a license to the server every time the agent communicates with Contrast.

  • Protect is turned off in the agent configuration file

    • If Protect licenses are available when the application starts, Contrast tries to apply a license to the server. When an agent registers an application with Contrast, it removes the license applied to the server.

    • If no Protect licenses are available when the application starts, Contrast doesn't apply a license to the server.