License Type | SaaS & On-Premise |
Agent Mode | Assess & Protect |
Main Product Category | All Agents |
Sub Category | Connectivity |
Question
Contrast agents retrieve their policy and report all findings and attack events to the Contrast server. How do the agents react if the Contrast server is unavailable when they reach out?
Answer
There are slight variations in the Contrast agents' behaviour between the different languages. The following breaks down how the agent behaves when the Contrast server is unavailable in 4 different scenarios:
- An agent starts up for the first time
- An agent starts up for the nth time (n > 1)
- An already running agent in Assess mode attempts to communicate
- An already running agent in Protect mode attempts to communicate
Java
If the Contrast server is unavailable when: | |
An agent starts up for the first time | The agent will disable itself, allowing the application to start up without it. |
An agent starts up for the nth time (n > 1) | The agent will reuse the policy from a previous run that it has cached on the file system. |
An already running agent in Assess mode attempts to communicate | Findings are not reported to the Contrast server, but they may be written to disk if the agent's assess.save_results property is set to OnError and the assess.local_results_dir property is set to the directory to which they'll be written. Findings are not subsequently sent to the Contrast server. |
An already running agent in Protect mode attempts to communicate | Attacks are not reported to the Contrast server, but they will still be written to the agent's security.log file and any configured syslog servers. Attacks will still be blocked pursuant to the policy retrieved prior to the outage. |
.NET
If the Contrast server is unavailable when: | |
An agent starts up for the first time | The agent will disable itself, allowing the application to start up without it. |
An agent starts up for the nth time (n > 1) | The agent will disable itself, allowing the application to start up without it. |
An already running agent in Assess mode attempts to communicate | Findings are not reported to the Contrast server. The agent will log an error and then continue its analysis. |
An already running agent in Protect mode attempts to communicate | Attacks are not reported to the Contrast server, but they will still be written to the agent's security.log file and any configured syslog servers. Attacks will still be blocked pursuant to the policy retrieved prior to the outage. |
Contrast Service (Node, Ruby, Python)
If the Contrast server is unavailable when: | |
An agent starts up for the first time | The agent will disable itself, allowing the application to start up without it. |
An agent starts up for the nth time (n > 1) | The agent will disable itself, allowing the application to start up without it. |
An already running agent in Assess mode attempts to communicate | Findings are not reported to the Contrast server. The agent will log an error and then continue its analysis. |
An already running agent in Protect mode attempts to communicate | Attacks are not reported to the Contrast server, but they will still be written to the agent's security.log file and any configured syslog servers. Attacks will still be blocked pursuant to the policy retrieved prior to the outage. |