Skip to main content

Explorer (Northstar)

The Explorer provides a comprehensive view of your organization's application layer to better understand your security posture. It helps you compare risks across applications and all their related entities.

  • Developers and AppSec teams can use the Explorer to better understand the applications they manage and their associated risk.

  • SOC Analysts can use the Explorer to better understand their organization's attack surface and risks.

Entities in Explorer are applications, servers, called APIs, and databases or datastores.

Explorer actions

From the details panels for application entities, you can:

  • Explore incidents and issues related to the selected applications.

  • Configure policies for Assess rules, ADR (Protect) rules, and exclusions.

Before you begin

The entities that you see in Explorer depend on the permissions you have to view specific resources, as defined in your access control settings.

View Explorer entities

  1. In the left navigation, select Explorer.

    The initial display shows a visual representation of the complete application layer for your organization.

    Application entities display the Contrast score to help you quickly see which areas in your application are most at risk.

    Image shows the score indicator on an application entity in Contrast Explorer

    Use your mouse, track pad, or other navigation device to zoom in on or move the view.

  2. To focus the view on a specific entity, enter a full or partial application name in the search bar.

  3. Select an entity to open its details panel:

    Entity

    Details

    Application

    Contrast score

    Issues: Number of issues associated with the application. Select the number to view the issues list.

    Incidents: Number of incidents associated with the application. Select the number to view the incidents list.

    Additional details:

    • Environment: The environment in which the application is running: Development, QA, or Production.

    • Language: The language that the application uses.

    • Last seen: The last date when Northstar observed application activity.

    • Policies: Select a link to view the current policy settings for Assess rules, Protect rules, and Exclusions.

    • Routes: Select the link to view the current route coverage for the application.

    Servers

    Type: The type of server associated with one or more applications.

    Agent language: The language of the agent used for applications associated with the server.

    Agent version: The version of the agent used for applications associated with the server.

    Called API

    Domain: The domain name for an API.

    Database

    Server address: The address for the server.

    System: The type of database, for example, MySQL.

    Server port: The number of the port the database is using to communicate with the server.

Refine the Explorer view

To refine the view, select the Filter icon (icon-filter.svg) to open the filter panel and select one or more filters and filter options. The available filters are:

  • Type: Type of entity: application, server, API, or database

  • Environment: Environment in which an application is running: Development, QA, or Production

  • Language: Languages for the applications you want to view

  • Open issue severity: Issue severity

  • Open incident severity: Incident severity

  • Application: Application name.

In this section:

The Contrast score represents the risk of an issue or incident at a particular point in time.  Contrast determines this score by using information from the Contrast SAST, IAST, SCA, ADR, and Observability technologies.

An issue is a collection of one or more observations and includes all Contrast data about a particular vulnerability or attack.

An incident is a collection of one or more issues and observations that demands an immediate response from the organization. Contrast creates incidents automatically based on ADR rules.