Skip to main content

Set Protect rules

You can set Protect rules that monitor or block attacks in your application environments.

When you add new applications, Contrast applies a set of default Protect rules to them. You can change the modes for an organization's default Protect rules.

Before you begin
Steps

  1. Select Applications in the header.

  2. Select an application name and select Policy.

  3. Select Protect.

    Image shows the policy tab and protect tab selected

  4. To find a specific rule, enter the rule name in the search box.

  5. For each rule, set the mode for each environment:

    1. Select the dropdown for each environment.

    2. Select one of these modes:

      • Off: This mode disables the rule.

      • Monitor: The agent identifies and reports attacks.

      • Block: The agent identifies, reports and blocks attacks.

        Important

        If an attack matches a rule and the mode for that rule is set to Block, the Java, .NET Framework, and .NET Core agents throw an AttackBlockedException.

        To ensure the application doesn't crash, edit the application to handle the AttackBlockedException.

      • Block at perimeter: The agent blocks a possible attack before the application can process it. This option is not available for all rules.

      • Monitor at perimeter: The agent attempts to identify and report a possible attack before the application can process it. This option is not available for all rules.

        If you block or monitor at the perimeter, the agent doesn't verify the attack at the sink. This action can lead to false positive results.

      Tip

      You can test policies by setting a different mode for a Protect rule in each environment. This action lets you see how various options work in pre-production and won't disrupt production defenses.

  6. To apply settings to multiple rules, use one of these methods:

    1. Select the checkbox next to each rule that you want to change and and select Change Mode.

    2. To change settings for all rules, select the Rules checkbox and select Change Mode.

      Image shows the Rules checkbox and the active Change Mode button

    3. In the Change Mode window, set the mode for each environment and select Save.

      Image shows window with options to set modes for Development, Test (QA) and Production.

  7. To set Protect rules for all applications in the organization that use a specific rule:

    This step requires an Organization RulesAdmin role.

    1. Select user menu > Policy management > Protect rules.

    2. To filter the list of rules, use the dropdown to filter the rules by language or the search field to find a rule by name.

    3. Select a rule name to manage settings for all applications that currently use the rule.

      Image shows grid with list of Protect rules with filter and search highlighted and the name of a rule highlighted.

    4. Use the dropdown to set the Protect mode for each environment.

      Image shows Protect rules grid with Block and Monitor mode settings in the Development, Test (QA) and Production columns.
In this section:

In data flow analysis, the sink is where data ends. A sink is any external format or location to which data is written.