> ## Documentation Index
> Fetch the complete documentation index at: https://docs.osto.one/llms.txt
> Use this file to discover all available pages before exploring further.

# Frequently Asked Questions

> Answers to common questions about the Osto platform.

## What is Osto?

Osto is an all-in-one security platform that brings web & API protection, endpoint security (device, application, and domain control plus data leakage prevention), secure server access, vulnerability and code scanning, cloud security posture management, and compliance automation together in a single dashboard.

## How do I add my website to Osto?

1. Go to **Assets → Domains → Manage Domains** and click **Add Website**.
2. Enter your domain and click **Verify**, then add your origin server IP (or load-balancer domain) and choose your TLS versions and CDN usage.
3. Set up your certificate — let Osto **auto-generate** one (by adding the provided CNAME record to your DNS) or **upload your own** as a ZIP archive.
4. Point your domain's DNS to Osto as directed so traffic flows through protection.

See [Managing Websites & Subdomains](/how-to-guides/asset-management/managing-websites) for the full walkthrough.

## What's the difference between Detect Mode and Prevent Mode?

**Detect Mode** observes and logs traffic without blocking — useful when you first onboard a site. **Prevent Mode** actively blocks malicious requests. You can switch a website between the two from its row in **Manage Domains**.

## Can I apply multiple policies to a single user or website?

Yes. You can layer policies — for example, separate Device Control, App Control, Domain Filtering, and DLP policies for an endpoint group, or DDoS, Bot, and Advanced policies for a domain.

## What happens if I delete a website or user?

Deleting a website or user permanently removes its associated configuration, policies, and settings. This can't be undone, so back up anything you may need first.

## How long do DNS changes take to take effect?

It depends on your DNS provider and the record's TTL. Changes can appear within minutes but may take up to 24 hours to propagate fully. Set a low TTL (for example, 600 seconds) before making changes.

## Can Osto scan my code and applications?

Yes. The **Scanner** runs vulnerability scans on your websites (Web Scanner) and mobile app builds (App Scanner), and **Code Security → SAST** connects to GitHub, GitLab, or Bitbucket to run static analysis, dependency scanning, and secret detection across your repositories.

## Does Osto help with compliance?

Yes. **Compliance → AutoComply** activates a framework (such as SOC 2), maps out the required controls, generates company policies, tracks compliance tasks, and runs security awareness training for your employees.

## Where can I see activity and threats?

Under **Logs** — Web App Logs (threats, access, and policy violations), Secure Server Logs, Domain Filtering Logs, Incident Logs, Audit Logs (admin actions), and Auth Logs (sign-ins).
