ottoBox: Incident Dashboard overview

/

The otto interface, ottoBox, has been designed to make testing, monitoring, alerts, and mitigation easy and intuitive to manage and get you back to building & releasing cool stuff faster.

Navigating inside ottoBox

Here are the three most important things to get started reviewing and managing your 3rd-party risks and vulnerabilities.

  • Incident Dashboard: Events can be reviewed in the Incident Dashboard. 
  • CSP Designer: Content Security Policies can be automatically generated, edited, tested, & deployed in CSP Designer.
  • Script Security Policy & ACL Editor: Custom script permissions can be managed, edited, tested, and deployed in the Script Security Designer.
 
incident-dashboard

Incident Dashboard

The Incident Dashboard is where you can review all events. Events are organized by type of request, level of risk, and most recent occurrence. Alerts are then filtered into drawers that reduce noise so you can quickly review the most important events first.

 
 
1. Action Required

action-required

The Action Required drawer is where the most important notifications that require your immediate attention will appear. You should only see items in "Action required" if a "High-Severity" issue is detected.

2. Vulnerabilities

vulnerable-scripts

Scripts with known vulnerabilities like out-of-date libraries are managed in the Vulnerabilities drawer. otto event cards let you know where it came from and whether it is a high priority. You can use otto CSP & ACLs to mitigate risk from these external vendor vulnerabilities.  

3. New Events

new-events

New events cycle through every 24 hours to help keep your inbox up to date and organized. Older events are retained in other drawers like Action Required, Vulnerabilities, Blocked, and Live Monitoring. You can take action on many events, as in the case of 3rd-Party Web Requests, which can be accepted or blocked. If you aren't sure whether an event represents a security issue, you can also "Request Review" from otto's security team.

Understanding Alerts

High-Risk Scripts

request-review-1

otto analyzes every script at runtime and classifies them from high to low based on the level of access and control they have on your site. A high-risk designation does not necessarily indicate that a script is malicious, only that it has been found to have risky behavior, like reading sensitive input fields.  

Many known partner scripts, such as Google & Facebook, perform high-risk activities on your page. Script behavior alerts give you the visibility to decide if you want to allow all, some, or none of these behaviors on a script-by-script basis.

Malicious Scripts

malicious-scripts

Malicious scripts are scripts that are known to be distributing attacks. otto's Malware Guard & Script Shield detect and automatically block malicious scripts in the browser, protecting your website and visitors. You can review malicious scripts in the Blocked drawer.

If you need any assistance or have any questions, please let us know. We're always here to help at support@otto-js.com.

otto Support Team

Comments

Related posts

Search How to add additional sites to ottoBox
ottoBox: Content Security Policy (CSP) Designer Overview Search