Skip to main content

Response playbook

Open the Contrast console link — review the incident summary and recommended actions

Review the correlated attack events — understand the scope: how many attacks, how many source IPs, which endpoints

Follow the platform’s recommended actions

If recommended runbooks are provided, follow them

Assess whether the attack events indicate an ongoing campaign (multiple source IPs, repeated attempts) or a single incident

Escalate to AppSec with the incident ID and correlated evidence for remediation

If Block Mode is available: enable it for the affected rules and applications

Update the incident status in Contrast console as you progress through the response

In this section:

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.