Skip to main content

Welcome to Contrast NorthStar

Contrast NorthStar offers a fresh way to look at your security data, bringing everything together into simple concepts. Instead of separate views for different security tools,Contrast NorthStar uses shared models to give you a unified picture. Let's take a look at the core building blocks that you'll find: Observations, issues, and incidents.

Observations

Think of Contrast NorthStar observations as individual security snapshots. They are the most basic piece of information Contrast NorthStar collects.

The main types of observations are:

  • Vulnerability detections from the Contrast IAST (Assess) technology.

  • Attack events from the Contrast ADR (Protect) technology.

  • Suspicious or malicious activity targeting your application.

You can view observation data in your lists for incidents and issues.

Issues

Issues represent a specific security problem that a developer can likely fix in one place. They bring together related observations from both the Contrast IAST and Contrast ADR technologies. Think of an issue as a container for all the evidence related to a single underlying security flaw.

Contrast NorthStar groups observations into issues based on these shared characteristics:

  • Organization: Issues are specific to a single organization for security and privacy reasons.

  • Application: Even if a problem appears in multiple applications, Contrast NorthStar creates a separate issue for for each application. A developer needs to address the issue in each application.

  • Rule: The specific security rule that triggered the vulnerability detection (from Contrast IAST technology) or the attack event (from Contrast ADR technology) must be the same for observations to be grouped into a single Issue.

  • Route: The location within the application where Contrast NorthStar found the vulnerability or the attack occurred must be the same (as determined by the Contrast agent) to link observations.

Contrast NorthStar can create issues or attack events even if it hasn't found a related vulnerability. This behaviors helps highlight active threats. Contrast NorthStar creates issues for all blocked attack events

You can view issues in the Contrast Insights dashboard and on the Issues page.

Incidents

Incidents represent significant security situations that require attention from a security operations center (SOC) team. Just as issues are collections of observations, incidents are collections of related issues. Contrast NorthStar creates incidents from issues when:

  • The issue contains at least one exploited or suspicious attack event observation.

  • The Contrast score for the issue's severity (based on CVSS v4) is greater than seven.

You can view incidents in the Contrast Insights dashboard and on the Incidents page.

See also

Contrast IAST technology

ADR technology

In this section:

The Contrast score represents the risk of an issue or incident at a particular point in time.  Contrast determines this score by using information from the Contrast SAST, IAST, SCA, ADR, and Observability technologies.