View issues with Contrast NorthStar

Issues represent a security problem that you can fix in a single place. The information is most useful for AppSec staff and developers.

An issue comprises all the observations from the Contrast IAST and ADR technologies that Contrast correlates together.

How Contrast creates issues

Contrast automatically creates issues when an application instrumented with a Contrast agent is attacked. When Contrast detects a new vulnerability, it generates an issue. Any attack event that has a status of exploited, suspicious, or blocked also results in the creation of issues.

Before you begin

  • You need a role with the xyz action.

Steps

  1. To view a list of issues, from the left navigation, select Issues.

    To sort the view in ascending or descending order, select the arrow icon next to a column heading.

    The list displays these details for each issue:

    • Severity: The severity that Contrast assigns to the issue.

    • Contrast score: The Contrast score represents the risk of an issue or incident at a particular point in time. Contrast determines this score by using information from the Contrast SAST, IAST, SCA, ADR, and Observability technologies.

      Contrast uses the Common Vulnerability Scoring System Version 4 (CVSS 4) standard as the primary framework for calculating the score.

    • Issue: The issue type and location. For example, SQL Injection from "userid_6a" Parameter on "/WebGoat/SqlInjectionAdvanced/attack6a" page

    • Issue ID: An identifier that Contrast assigns to the issue. It has this format:

      ISS-<year>-<numberOfIssues>

      For example, ISS-2025-10 represents an issue that occurred in the year 2025 and was the 10th issue that Contrast reported.

    • Status: The status of the issue: Open or Closed.

    • Application: The name of the application where Contrast observed the issue.

    • Number of observations: The number of times that Contrast observed this issue.

    • Last detected: The last time that Contrast detected the issue in the application.

    • Most recent incident: The date of the most recent incident associated with the issue.

  2. To view details about a specific issue, select it. The Overview tab shows these details:

    • Issue ID: The identifier that Contrast assigned to the issue.

    • Associated application: The application where Contrast observed the issue.

    • Severity: The severity level assigned to the issue.

    • Status: The status of the issue: Open or Closed.

    • First detected: The date when Contrast first saw the issue.

    • Last detected: The date when Contrast last saw the issue.

    • Rule: The

    • MITRE

  3. To view the activity log for incidents, select the Activity tab.

    1. To view all the activity from Contrast and activities related to issue changes, select the All tab.

      Use the Recent filter to change the order from most recent to oldest.

    2. To view comments, select the Comments tab.

    3. To add a comment, enter the comment in the Add comments box and select the arrow icon.

  4. To view a list of Contrast observations, select the Observation tab. The list of observations includes these details:

    • Source IP: The IP address where an attack event originated.

    • Rule: The ADR rule associated with the issue.

    • Application: The name of the application affected by the attack event.

    • Server: The server associated with the application.

    • Detected: The date when Contrast saw an attack event.

    • Result: The action that Contrast took when it observed the attack event: Blocked, Exploited, Suspicious, or Monitor.

    • URL:

    • Attack value