
ottoBox: Incident Dashboard overview

Written by otto Support Team | May 15, 2023 3:50:19 PM

The otto interface, ottoBox, is designed to make testing, monitoring, alerts, and mitigation easy and intuitive to manage, so you can get back to building & releasing cool stuff faster.

Navigating inside ottoBox

Here are the three most important areas to know when you start reviewing and managing your 3rd-party risks and vulnerabilities.

  • Incident Dashboard: Events can be reviewed in the Incident Dashboard. 
  • CSP Designer: Content Security Policies can be automatically generated, edited, tested, & deployed in CSP Designer.
  • Script Security Policy & ACL Editor: Custom script permissions can be managed, edited, tested, and deployed in the Script Security Designer.
 
 
 
1. Action Required

The Action Required drawer is where the most important notifications, the ones that require your immediate attention, will appear. You should only see items in "Action Required" if a "High-Severity" issue is detected.

2. Vulnerabilities

Scripts with known vulnerabilities, such as out-of-date libraries, are managed in the Vulnerabilities drawer. otto event cards let you know where each script came from and whether it is a high priority. You can use otto CSP & ACLs to mitigate risk from these external vendor vulnerabilities.

3. New Events

New events cycle through every 24 hours to help keep your inbox up to date and organized. Older events are retained in other drawers like Action Required, Vulnerabilities, Blocked, and Live Monitoring. You can take action on many events, as in the case of 3rd-Party Web Requests, which can be accepted or blocked. If you aren't sure whether an event represents a security issue, you can also "Request Review" from otto's security team.

Understanding Alerts

High-Risk Scripts

otto analyzes every script at runtime and classifies each one from high to low risk based on the level of access and control it has on your site. A high-risk designation does not necessarily indicate that a script is malicious, only that it has been found to exhibit risky behavior, like reading sensitive input fields.

Many known partner scripts, such as Google & Facebook, perform high-risk activities on your page. Script behavior alerts give you the visibility to decide if you want to allow all, some, or none of these behaviors on a script-by-script basis.

Malicious Scripts

Malicious scripts are scripts that are known to be distributing attacks. otto's Malware Guard & Script Shield detect and automatically block malicious scripts in the browser, protecting your website and visitors. You can review malicious scripts in the Blocked drawer.

If you need any assistance or have any questions, please let us know. We're always here to help at support@otto-js.com.