Skip to main content

Welcome to Northstar

Northstar offers a fresh way to look at your security data, bringing everything together into simple concepts. Instead of separate views for different security tools, Northstar uses shared models to give you a unified picture.

Let's take a look at the core building blocks that you'll find: Observations, issues, and incidents.

Note

Other important features of the Northstar release are Contrast Graph and the Contrast Score.

Observations

Think of Northstar observations as individual security snapshots. They are the most basic piece of information Northstar collects.

The main types of observations are:

  • Vulnerability detections from the Contrast AST technology.

  • Attack events from the Contrast ADR technology.

  • Suspicious or malicious activity targeting your application.

View observation data in the Incidents and Issues pages.

Issues

Issues represent a specific security problem that a developer can likely fix in one place. They bring together related observations from both the Contrast IAST and Contrast ADR technologies. Think of an issue as a container for all the evidence related to a single underlying security flaw.

Northstar groups observations into issues based on these shared characteristics:

  • Organization: Issues are specific to a single organization for security and privacy reasons.

  • Application: Even if a problem appears in multiple applications, Northstar creates a separate issue for for each application. A developer needs to address the issue in each application.

  • Rule: The specific security rule that triggered the vulnerability detection (from Contrast AST technology) or the attack event (from Contrast ADR technology) must be the same for observations to be grouped into a single Issue.

  • Route: The location within the application where Northstar found the vulnerability or the attack occurred must be the same (as determined by the Contrast agent) to link observations.

Northstar can create issues or attack events even if it hasn't found a related vulnerability. This behavior helps highlight active threats. Northstar creates issues for all blocked attack events

View issues in the Contrast Insights dashboard on the Issues page, and in Explorer.

Incidents

Incidents represent significant security situations that require attention from a security operations center (SOC) team. Just as issues are collections of observations, incidents are collections of related issues. Northstar creates incidents from issues when:

  • The issue contains at least one exploited or suspicious attack event observation.

  • The Contrast score for the issue's severity (based on CVSS v4.0 and Contrast technology) is greater than seven.

View incidents in the Contrast Insights dashboard, on the Incidents page and in Explorer.

See also

Contrast AST technology

ADR technology

Contrast workflows

In this section:

The Contrast score represents the risk of an issue or incident at a particular point in time.  Contrast determines this score by using information from the Contrast SAST, IAST, SCA, ADR, and Observability technologies.