Use Explorer (Northstar)

The Explorer provides a comprehensive view of your organization's application layer to better understand your security posture. It helps you compare risks across applications and all their related entities.

  • Developers and AppSec teams can use the Explorer to better understand the applications they manage and their associated risk.

  • SOC Analysts can use the Explorer to better understand their organization's attack surface and risks.

Entities in Explorer are applications, servers, called APIs, databases (datastores), and libraries.

Explorer application actions

From the details panels for application entities, you can:

  • Explore incidents and issues related to the selected applications.

  • Configure policies for Assess rules, ADR (Protect) rules, and exclusions.

Before you begin

The entities that you see in Explorer depend on the permissions you have to view specific resources, as defined in your access control settings.

View Explorer entities

  1. In the left navigation, select Explorer.

    The initial display shows a visual representation of the complete application layer for an environment in your organization.

    Application entities display the Contrast score to help you quickly see which areas in your application are most at risk.

    Image shows the score indicator on an application entity in Contrast Explorer

    Use your mouse, track pad, or other navigation device to zoom in on or move the view.

  2. Select an environment to focus the view on entities in that environment only.

    By default, Explorer shows the highest-priority environment that has Contrast data. For example, if you have applications running in the production environment, Explorer shows entities in that environment only. If you do not have anything running in the production environment, Explorer shows entities for the QA or Development environment, depending on which environment has data.

    Image shows the Environment selector at the top of the Explorer view.
  3. To focus the view on a specific entity and its connections, enter a full or partial entity name in the search bar.

    The search results include the searched-for entity and any entities connected to it. The results also reflect filter settings.

  4. Select an entity to open its details panel. The details shown depend on the entity type:

    Application

    Contrast score

    Issues: Number of issues associated with the application. Select the number to view the issues list.

    Incidents: Number of incidents associated with the application. Select the number to view the incidents list.

    Additional details:

    • Environment: The environment in which the application is running: Development, QA, or Production.

    • Language: The language that the application uses.

    • Last seen: The last date when Northstar observed application activity.

    • Policies: Select a link to view the current policy settings for Assess rules, Protect rules, and Exclusions.

      • Assess rules: Lets you view and change modes for Assess rules

      • ADR rules or Protect rules: Lets you view or change modes for ADR or Protect rules, depending on the type of licenses you purchased.

      • Exclusion rules: Lets you view and create application exclusions

    • Routes: Select the link to view the current route coverage for the application.

    Servers

    Type: The type of server associated with one or more applications.

    Agent language: The language of the agent used for applications associated with the server.

    Agent version: The version of the agent used for applications associated with the server.

    Called API

    Domain: The domain name for an API.

    Database

    Server address: The address for the server.

    System: The type of database, for example, MySQL.

    Server port: The number of the port the database is using to communicate with the server.

    Libraries

    Library entities represent either a root open-source library or a transitive dependency.

    Root library entities show the number of dependencies. You can expand these entities to view all dependencies or just the next level of entities in the dependency chain.

    Image shows a root library entity

    The details panel for root library entities shows:

    • CVEs tab

      • CVE: CVE numbers linked to the NIST CVE description.

      • Score: The Contrast score

      • Library: The name of the affected library

      • Path: The path in the application to the library.

    • Dependencies tab: The Dependencies tab shows the dependency tree for the root library.

    Entities for transitive dependencies show the name of the library. In some cases, you can expand these entities to view another level of dependencies.

    Image shows a transitive dependency.

    The details panel for a transitive dependency entity can include:

    • Name: The name of the library.

    • Version: The library version.

    • Language: The library language.

    • Licenses: The name of the license that applies to the library. For example, Apache-2.0.

    • Released: The date the library was released.

    • Ancestors (if applicable): The libraries that depend on the transitive dependency, either directly or through other libraries.

      For example, if Library 1 depends on Library 2, Library 1 is an ancestor of Library 2.

    • Issues (if applicable): A link to the issues that Contrast created.

      Selecting a link opens the Issues view.

    • Direct CVEs (if applicable): CVEs reported against this library itself (as opposed to one of its dependencies). Each CVE indicates a software flaw that lets an attacker take unauthorized action, gain unauthorized access, or take control of the software.

    • Descendant CVEs (if applicable):

      A descendant CVE is a vulnerability in a library further down this library's dependency chain (a descendant), rather than in the library itself.

      • CVE link: A link to the NIST description of the CVE

      • Library: The name of the transitive dependency

      • Path: The path to the affected dependencies

      • Score: The CVSS (Common Vulnerability Scoring System) score
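The dependency-tree relationships described above (dependency count on a root library, ancestors of a transitive dependency, direct versus descendant CVEs, and the path to an affected dependency) are easy to misread from a single screenshot. The following is an added example, not Contrast's own code: it models those relationships over a constructed dependency graph so you can see how one shared transitive dependency shows up under several roots with different paths. All library names, versions, CVE identifiers and CVSS scores in it are made up for illustration.

```python
"""Dependency-tree bookkeeping behind the Explorer library entities.

Added example, not Contrast's own code. It models the relationships the
Libraries details panel reports (dependency count, ancestors, direct CVEs,
descendant CVEs with path and CVSS score) over a constructed dependency graph.
All library names, versions, CVE identifiers and scores below are made up.
"""
from dataclasses import dataclass, field


@dataclass
class Library:
    name: str
    version: str
    depends_on: list[str] = field(default_factory=list)  # direct dependencies
    cves: dict[str, float] = field(default_factory=dict)  # CVE id -> CVSS base score


# Constructed graph: two root libraries declared by the application,
# sharing one transitive dependency (json-parser).
GRAPH: dict[str, Library] = {
    lib.name: lib
    for lib in [
        Library("web-framework", "3.1.0", ["http-client", "json-parser"]),
        Library("report-engine", "2.2.0", ["json-parser"]),
        Library("http-client", "2.0.1", ["tls-utils"]),
        Library("json-parser", "1.4.0", ["string-utils"], {"CVE-0000-1002": 9.8}),
        Library("tls-utils", "0.9.2", [], {"CVE-0000-1001": 7.5}),
        Library("string-utils", "1.0.0"),
    ]
}


def dependency_paths(graph, root):
    """Every (descendant, path) pair reachable from root, one per distinct path.

    A descendant pulled in through two different chains appears twice, which is
    what lets the Path column show each route to an affected dependency.
    """
    found = []

    def walk(name, path):
        for dep in graph[name].depends_on:
            if dep in path:  # guard against cyclic dependency declarations
                continue
            found.append((dep, path + [dep]))
            walk(dep, path + [dep])

    walk(root, [root])
    return found


def dependency_count(graph, root):
    """Number of distinct libraries below root (the count shown on a root entity)."""
    return len({dep for dep, _ in dependency_paths(graph, root)})


def ancestors(graph, name):
    """Libraries that depend on `name`, directly or through other libraries."""
    result = set()
    frontier = [name]
    while frontier:
        current = frontier.pop()
        for lib in graph.values():
            if current in lib.depends_on and lib.name not in result:
                result.add(lib.name)
                frontier.append(lib.name)
    return result


def roots_pulling_in(graph, name):
    """Root libraries (no ancestors of their own) whose chain reaches `name`.

    A shared transitive dependency has to be upgraded or overridden through
    every one of these, not just the first root Explorer happens to show.
    """
    return {a for a in ancestors(graph, name) if not ancestors(graph, a)}


def direct_cves(graph, name):
    """CVEs reported against the library itself."""
    return sorted(graph[name].cves)


def descendant_cves(graph, root):
    """CVEs in the descendants of root: CVE, affected library, path, CVSS score."""
    rows = [
        {"cve": cve_id, "library": dep, "path": " > ".join(path), "score": score}
        for dep, path in dependency_paths(graph, root)
        for cve_id, score in graph[dep].cves.items()
    ]
    return sorted(rows, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for root in ("web-framework", "report-engine"):
        print(f"{root}: {dependency_count(GRAPH, root)} dependencies")
        for row in descendant_cves(GRAPH, root):
            print(f"  {row['cve']} ({row['score']}) in {row['library']} via {row['path']}")
    print("json-parser ancestors:", sorted(ancestors(GRAPH, "json-parser")))
    print("fix json-parser through:", sorted(roots_pulling_in(GRAPH, "json-parser")))
```

Running the script lists, for each root, the descendant CVEs ordered by score with the chain that pulls each one in. The practical point it makes explicit is the one Explorer's Ancestors field hints at: json-parser is reached from both web-framework and report-engine, so remediating its CVE means changing the version resolved through both roots, not only the root whose entity you happened to open.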

Refine the Explorer view

To refine the view, select the Filter icon to open the filter panel and select one or more filters and filter options. The available filters are:

  • Type: Type of entity: application, server, API, or database

  • Language: Languages for the applications you want to view

  • Open issue severity: Issue severity

  • Open incident severity: Incident severity

  • Application: Application name.