Set modes for CVE shields for organizations

When you add and configure an agent for an application in a Contrast organization, Contrast applies a set of default CVE shields.


Starting in August 2021, new organizations include an optimized set of CVE shields. This configuration is designed to provide the highest value to users, including enhanced performance.

Use this procedure to change the default settings for CVE shields at an organization level. These settings apply to any new application that you add to a Contrast organization. These changes have no effect on existing applications in the organization.

Before you begin
  • Ensure that you have an Organization Administrator or Organization RulesAdmin role.

  • Log in to or select the correct organization.


To change modes for CVE shields:

  1. Under the user menu, select Policy management.

  2. Select CVE shields.

  3. Select Configure the default policy.

  4. For each CVE shield, select the dropdown for the environment where the application is hosted (Development, QA, and Production).

  5. Select one of the following modes:

    • Off: This mode disables the CVE shield entirely.

    • Monitor: In this mode, the CVE shield identifies and reports attacks.

    • Monitor at perimeter: In this mode, the CVE shield tries to identify and report a possible attack before the application can process it. This option is not available for all CVE shields.

    • Block: In this mode, the CVE shield identifies, reports, and blocks attacks.