Map Application and Detection Response (ADR) rules to Assess findings (Northstar)
Contrast can correlate Assess findings with ADR rules. Doing so helps you make intelligent decisions about how to triage incidents and issues.
This workflow illustrates how to get the best results from this association.
Before you begin
If role-based access control is turned on, you need a role with these actions: Access protect and View applications.
If you are using organization users and groups, you need an Organization Admin role.
Configure ADR rules
Configure the mode and environment for the ADR (Protect) rules that you want to use:
From the left navigation, select Policies > ADR rules.
Select Configure the default policy at the top of the list.
Change the mode for specific rules to Block or Monitor.
Configure rule mapping
Choose the environment to which the rule mode applies:
Select Applications.
From the left navigation, under Administration, select Applications.
Under Map Protect rules to Assess finding, select an environment.
The default setting is Production.
Contrast applies the mode you configured for the mapped ADR rules to the selected environment.
Under Correlate ADR to Assess vulnerabilities, select an environment.
The default setting is Production.
Contrast applies the mode you configured for the mapped ADR rules to the selected environment.
Determine actions to take
As Contrast detects vulnerabilities, it displays them on the Vulnerabilities list. The Protected in environment column indicates the mode for the ADR rule mapped to each vulnerability. The column refers to the rule setting in the Contrast web interface.
A case could exist where a specific agent is misconfigured to set Protect to Off. In this case, that server won't be protected until Protect is configured to On.
Take action:
You can change the mode for a rule to Monitor or Block.
To change the mode for multiple rules at one time, change the rule modes at an organization level.