Set Protect rules for organizations

When you add and configure an agent for an application or create a new organization, Contrast applies a set of default Protect rules.

Note

Starting in August 2021, new organizations include an optimized set of Protect rules. This configuration is designed to provide the highest value to users, including enhanced performance.

Use this procedure to change the default settings for Protect rules at an organization level. Changing these settings affects new application that you add to a Contrast organization. These changes have no affect on existing applications in the organization.

Before you begin
  • Ensure that you have an Organization Administrator or Organization RulesAdmin role.

  • Log in and select the correct organization.

Steps
  1. Under the user menu, select Policy management.

  2. Select Protect rules.

  3. Select Configure the default policy.

    This image shows the link to configure default CVE shields
  4. For each Protect rule, select the dropdown for the environment where the application is hosted (Development, QA, and Production).

  5. Select one of the following modes:

    • Off: This mode disables the rule.

    • Monitor: The agent identifies and monitors attacks.

    • Block: The agent identifies, reports, and blocks attacks.

    • Block at perimeter The agent blocks a possible attack before the application can process it. This option is not available for all rules.

    • Monitor at perimeter: The agent attempts to identify and report a possible attack before the application can process it. This option is not available for all rules.