Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.osto.one/llms.txt

Use this file to discover all available pages before exploring further.

Once these four ideas are familiar, every other doc reads more easily.

Assets — what you’re protecting

Assets are the things in your environment Osto secures. You’ll find them under Assets in the left sidebar:
  • Domains — the websites, web apps, and subdomains you want Osto to protect. Manage the domains themselves and their TLS certificates.
  • Endpoint Users — the people in your organization, with the devices they use. Osto applies endpoint protection and access policies through this list.
  • Server Access — the servers Osto brokers access to:
    • Secure Server — a host where you install Osto’s agent directly so access is granted through Osto.
    • Secure Gateway — a Linux host that brokers access to multiple child servers behind it (no agent install needed per child).
  • APIs — discovered automatically from your protected domains and surfaced in dashboards under Insights. You don’t register APIs manually.
Every policy, scan, and compliance control eventually points back to one of these assets. Onboard them early — the rest of the platform unlocks once they’re in.

Objects — reusable building blocks

Objects are configurations you define once and reuse across many policies. They sit under Objects in the sidebar:
  • Domain Category — group domains for policy targeting (e.g. production sites, marketing sites).
  • Application — named applications used in App Control and DLP rules.
  • Port — named network ports referenced in access and firewall rules.
  • Schedule — time windows (e.g. business hours, maintenance windows) referenced in access policies.
Objects keep policies short and consistent. Change a domain category in one place and every policy targeting that category updates with it.

Policies — how Osto behaves

Policies attach security behavior to assets. The Policies section has three top-level sub-sections, organized by the asset type a policy applies to:
  • Endpoint Users → Device Control, App Control, Domain Filtering, Data Leakage Prevention (with App File Access), Global Policy — controls what users can run, plug in, browse to, and copy out.
  • Domains → Global Policies (DDoS, Bot) and Local Policies (Advanced, Custom Routing Rules, Policy Exceptions, API Discovery) — controls what reaches your websites and APIs, and how they’re inspected.
  • Server Access — the rules-list of who can reach which Secure Server (or child server behind a Secure Gateway), on which ports.
Customer-facing docs in this Knowledge Base cover these as three task-focused guides: the User Protection Policy, the Website Protection Policy, and the Secure Server Access Policy.
Defaults that ship out of the box. Osto comes with recommended defaults for every policy. You don’t have to configure anything for protection to start — you only tune what’s specific to your environment.

Modules you’ll work alongside

Beyond Assets, Objects, and Policies, several sidebar sections layer additional capabilities on top of the model:
  • Scanner — continuous vulnerability scanning for your domains (Web Scanner) and mobile apps (App Scanner).
  • Code Security — source-code static analysis (SAST), integrated into your CI/CD.
  • Posture Management → Cloud Security — connects AWS, Azure, and GCP for misconfiguration and drift detection.
  • Compliance — controls, tasks, frameworks, and Awareness Training for SOC 2, ISO 27001, HIPAA, GDPR, and PCI DSS, drawing evidence from every other module.
  • Logs — centralized records (Web App, Secure Server, Domain Filtering, Incident, Audit, Auth) usable for both daily monitoring and audit evidence.
  • Management — admin access and usage / billing.

Where to next