Skip to main content

What is Osto?

Osto is an all-in-one security platform that brings web & API protection, endpoint security (device, application, and domain control plus data leakage prevention), secure server access, vulnerability and code scanning, cloud security posture management, and compliance automation together in a single dashboard.

How do I add my website to Osto?

  1. Go to Assets → Domains → Manage Domains and click Add Website.
  2. Enter your domain and click Verify, then add your origin server IP (or load-balancer domain) and choose your TLS versions and CDN usage.
  3. Set up your certificate — let Osto auto-generate one (by adding the provided CNAME record to your DNS) or upload your own as a ZIP archive.
  4. Point your domain’s DNS to Osto as directed so traffic flows through protection.
See Managing Websites & Subdomains for the full walkthrough.

What’s the difference between Detect Mode and Prevent Mode?

Detect Mode observes and logs traffic without blocking — useful when you first onboard a site. Prevent Mode actively blocks malicious requests. You can switch a website between the two from its row in Manage Domains.

Can I apply multiple policies to a single user or website?

Yes. You can layer policies — for example, separate Device Control, App Control, Domain Filtering, and DLP policies for an endpoint group, or DDoS, Bot, and Advanced policies for a domain.

What happens if I delete a website or user?

Deleting a website or user permanently removes its associated configuration, policies, and settings. This can’t be undone, so back up anything you may need first.

How long do DNS changes take to take effect?

It depends on your DNS provider and the record’s TTL. Changes can appear within minutes but may take up to 24 hours to propagate fully. Set a low TTL (for example, 600 seconds) before making changes.

Can Osto scan my code and applications?

Yes. The Scanner runs vulnerability scans on your websites (Web Scanner) and mobile app builds (App Scanner), and Code Security → SAST connects to GitHub, GitLab, or Bitbucket to run static analysis, dependency scanning, and secret detection across your repositories.

Does Osto help with compliance?

Yes. Compliance → AutoComply activates a framework (such as SOC 2), maps out the required controls, generates company policies, tracks compliance tasks, and runs security awareness training for your employees.

Where can I see activity and threats?

Under Logs — Web App Logs (threats, access, and policy violations), Secure Server Logs, Domain Filtering Logs, Incident Logs, Audit Logs (admin actions), and Auth Logs (sign-ins).