
Set server defaults at an organization level (Northstar)

Server settings provide default configurations to new servers (and their agents) that you add to Contrast. You can customize these configurations and set specific defaults for each environment.

Steps

  1. In the left navigation, under Administration, select Servers.

  2. Use the dropdown to choose the environment in which you want to apply the default (Development, QA, or Production). Check the box next to Set as default environment if you want to specify a default environment for future server configuration.

  3. Use the dropdown to choose the Log Level. The default log level selection is ERROR.

  4. Under Automatic server cleanup, enter the length of time that you would like servers to be offline before they are automatically cleaned up. The default value is 30 days.

    A background task runs every five minutes to check if there is an organization with automatic server cleanup enabled.

    If there are one or more servers with no activity received within the configured time frame, Contrast disables the servers automatically. They are no longer visible under Servers in the Contrast web interface.

    Contrast keeps information on vulnerabilities and attacks related to these servers even after they're disabled. Protect licenses assigned to disabled servers return to the license pool.

  5. Under Assess, specify these settings:

    1. Select which stack traces should be captured (all, some or none).

    2. To optimize analysis performance, select Enable sampling for higher performance.

      • If Contrast sees the same URL being called multiple times, it analyzes the URL the number of times specified in the Baseline setting.

      • Afterwards, if Contrast continues to see the same URL, it analyzes it only as often as the Frequency setting specifies.

      • Contrast retains samples for the number of seconds specified for the Window setting. After the time specified for the Window setting elapses, Contrast analyzes the URL again, according to the Baseline setting.

      Configure these settings:

      • Baseline: The number of times that Contrast analyzes URLs to complete sampling. The default setting is 5.

      • Frequency: The number of times that Contrast analyzes URLs after the Baseline is achieved. The default setting is 10.

      • Window: The number of seconds that Contrast retains samples before reverting to the Baseline. The default setting is 180.

  6. Under Protect, specify these settings:

    1. To enable Protect, turn on the Protect toggle.

      Important

      Turning Protect on selects the setting to apply Protect licenses to new servers automatically.

      Administrators receive an email each time a server is licensed. Because servers go up and down frequently, you may want to set up an email filter for these notifications.

      In this section, the license bar shows the number of purchased Protect licenses in use. If you are using more licenses than you purchased, the license bar also shows the number of additional licenses in use.

    2. To turn on bot blocking, select Enable bot blocking.

      Bot blocking blocks traffic from scrapers, attack tools and other unwanted automation.

      To view blocked bot activity, under Attacks > Attack Events, use the Automated filter option.

      Note

      You can configure bot blocking in the YAML files for Java, .NET Framework, .NET Core, Ruby, and Python.

    3. To send Protect events to syslog, select Enable output of Protect events to syslog.

      Configure these settings:

      • Enter the IP Address and Port in the given fields. Use the dropdown to choose the Facility.

      • Click on the event severity badges, and use the dropdown to choose a message Severity level for each one. The defaults are:

        • 1 - Alert for Exploited

        • 4 - Warning for Blocked

        • 5 - Notice for Probe

  7. To retain library details, turn on Retain Library Data. When enabled, Contrast keeps an application's library details even after the last server that reported them is deleted during server cleanup.

  8. To send agent data to Contrast, turn on the Agent diagnostics toggle. Contrast uses this data to improve rules and performance, and to prioritize product improvements.

  9. To remove routes that are seen only on servers that are no longer active, turn on Enhanced server cleanup.

    Enhanced server cleanup is useful primarily if you have ephemeral servers and prefer to manage Assess results as unique, point-in-time scans of the application. For example, it could be beneficial if you use one server for one test run of a Contrast agent-instrumented application and don't expect to test run that application again for weeks or months.

    If, as a user of Assess and Application Vulnerability Monitoring (AVM), you continuously instrument your applications, use a route expiration policy instead. It allows more flexibility and control over when stale routes are cleaned up, regardless of the status of the server the route was reported on. Route expiration is also the better choice if you have long-running servers, as they are more likely to host multiple versions of the same application.

    Enhanced server cleanup:

    • Removes all servers except the last active server

      Contrast keeps the most recently active server for each application, even if all servers for an application are offline.

    • Removes routes that may no longer be seen in current builds of the application

    • Removes routes that are associated with no servers when the server is removed

    • Marks vulnerabilities that are associated with no servers as Verified-Auto-remediated when the server is removed

    • Updates the total count of routes and the denominator in route coverage

    • Updates total count of vulnerabilities based on the auto-verified status
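The Baseline, Frequency and Window settings in step 5 describe a per-URL sampling algorithm. The following simulation is an added example, not Contrast's own agent code, and it makes three assumptions the page does not state: requests are keyed by URL path alone, the Window starts at the first request to a URL, and after the Baseline is reached every Frequency-th request is the one that gets analyzed. Run it with the defaults (5 / 10 / 180) to see which requests Assess would and would not analyze.

```python
from dataclasses import dataclass


@dataclass
class UrlState:
    """Per-URL sampling state: when the current window opened and how many
    requests to that URL have been seen and analyzed within it."""
    window_start: float
    seen: int = 0
    analyzed: int = 0


class UrlSampler:
    """Models the Baseline / Frequency / Window sampling described for Assess.
    Assumptions (not stated on the page): requests are keyed by URL path only,
    the window opens on the first request to a URL, and after the baseline
    only every Frequency-th request is analyzed."""

    def __init__(self, baseline: int = 5, frequency: int = 10, window: int = 180):
        self.baseline = baseline
        self.frequency = frequency
        self.window = window
        self._state: dict[str, UrlState] = {}

    def should_analyze(self, url: str, now: float) -> bool:
        state = self._state.get(url)
        if state is None or now - state.window_start >= self.window:
            # First sighting of the URL, or the window elapsed: start again at the baseline.
            state = UrlState(window_start=now)
            self._state[url] = state
        state.seen += 1
        if state.seen <= self.baseline:
            analyze = True
        else:
            analyze = (state.seen - self.baseline) % self.frequency == 0
        if analyze:
            state.analyzed += 1
        return analyze


def simulate(requests, **settings):
    """Run (timestamp_seconds, url) pairs through the sampler and return
    (timestamp, url, analyzed) decisions in order."""
    sampler = UrlSampler(**settings)
    return [(t, url, sampler.should_analyze(url, t)) for t, url in requests]


def analyzed_count(requests, **settings) -> int:
    """How many of the requests Assess would actually analyze."""
    return sum(1 for _, _, analyzed in simulate(requests, **settings) if analyzed)


# Constructed traffic: 30 hits to /login one second apart, then one more hit
# after the 180-second window has elapsed.
SAMPLE_TRAFFIC = [(float(t), "/login") for t in range(30)] + [(200.0, "/login")]

if __name__ == "__main__":
    for t, url, analyzed in simulate(SAMPLE_TRAFFIC):
        print(f"t={t:>5.0f} {url} {'ANALYZED' if analyzed else 'skipped'}")
    print("analyzed:", analyzed_count(SAMPLE_TRAFFIC), "of", len(SAMPLE_TRAFFIC))
```

With the defaults, the first five hits are analyzed, then only the 15th and 25th, then the hit at t=200 because the window has expired: 8 of 31 requests. The skipped requests are not inspected by Assess at all, so a vulnerability that only triggers on an uncommon parameter value to a busy URL can go unreported while sampling is on; keep that in mind before enabling it for an environment where coverage matters more than agent overhead.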
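The syslog settings in step 6 (Facility plus a Severity per Exploited, Blocked and Probe outcome) determine the PRI value each Protect event carries, which is what a receiving SIEM or syslog daemon routes on. This encoder and decoder is an added example, not Contrast's own output format: the PRI arithmetic follows RFC 3164, but the message body layout (outcome=... rule=... src=...) and the host and rule names are constructed for illustration.

```python
import re

# Facility codes from RFC 3164 / RFC 5424; the Facility dropdown maps to one of these.
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
SEVERITY_NAMES = ["Emergency", "Alert", "Critical", "Error",
                  "Warning", "Notice", "Informational", "Debug"]

# The page's default severity per Protect outcome (1 Alert, 4 Warning, 5 Notice).
DEFAULT_SEVERITIES = {"Exploited": 1, "Blocked": 4, "Probe": 5}


def pri(facility: str, severity: int) -> int:
    """Syslog PRI = facility * 8 + severity (RFC 3164 section 4.1.1)."""
    if not 0 <= severity <= 7:
        raise ValueError(f"severity out of range: {severity}")
    return FACILITIES[facility] * 8 + severity


def encode_event(outcome: str, rule: str, source_ip: str, facility: str = "local0",
                 severities=DEFAULT_SEVERITIES, host: str = "app-01",
                 timestamp: str = "Jan 15 10:42:07") -> str:
    """Build an RFC 3164-style line for a Protect event. The body layout is a
    constructed example, not Contrast's actual syslog message format."""
    severity = severities[outcome]
    return (f"<{pri(facility, severity)}>{timestamp} {host} contrast-protect: "
            f"outcome={outcome} rule={rule} src={source_ip}")


PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line: str) -> tuple[int, int]:
    """Receiver side: split the PRI header back into (facility, severity)."""
    match = PRI_RE.match(line)
    if not match:
        raise ValueError("no PRI header")
    value = int(match.group(1))
    if value > 191:  # 23 * 8 + 7 is the largest legal PRI
        raise ValueError(f"PRI out of range: {value}")
    return value // 8, value % 8


def pages_on_call(line: str, max_severity: int = 3) -> bool:
    """Routing rule a SIEM might apply: page for Alert/Critical/Error, not below."""
    return decode_pri(line)[1] <= max_severity


# Constructed events covering the three outcomes with the page's default severities.
SAMPLE_EVENTS = [
    encode_event("Exploited", "sql-injection", "198.51.100.7"),
    encode_event("Blocked", "path-traversal", "203.0.113.9"),
    encode_event("Probe", "reflected-xss", "192.0.2.44"),
]

if __name__ == "__main__":
    for line in SAMPLE_EVENTS:
        facility, severity = decode_pri(line)
        print(f"{SEVERITY_NAMES[severity]:<8} page={pages_on_call(line)}  {line}")
```

With facility local0 the three defaults produce PRI 129, 132 and 133, so a receiver rule on severity ≤ 3 pages only for Exploited. If you change a severity in the Contrast UI (for example raising Blocked to Alert), the PRI changes and any downstream filter keyed on it must change with it. Note also that the settings take a bare IP address and port: classic syslog over UDP is unauthenticated and unencrypted, and these events carry attack details, so send them only across a network path you trust or through a local relay that forwards over TLS.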