This domain administrator guide explains how to purchase cWatch licenses, set up the service and use the Comodo cWatch web console. For more information, visit: https://cwatch.comodo.com/
Comodo cWatch Web Security
Software Version 1.6
Website Administrator Guide
Guide Version 1.6.103017

Comodo Security Solutions
1255 Broad Street
Clifton, NJ 07013
Table of Contents

1 Introduction to Comodo cWatch Web Security
  1.1 Purchasing a License
  1.2 License Types
  1.3 Add Websites
  1.4 Logging-in to the Administrative Console
2 The Main Interface
3 The Dashboard
4 Website Data and Settings
  4.1 View Alerts
  4.2 Website Overview
  4.3 Comodo Vulnerability Scan Results
  4.4 Comodo Malware Scan Results
  4.5 Cyber Security Operation Center Results
  4.6 Content Delivery Network Metrics
  4.7 Viewing and Managing Support Tickets
  4.8 Website Configuration
    4.8.1 Configure the Website for cWatch Scanning
    4.8.2 Configure CDN Settings
    4.8.3 Configure Cache Settings
5 The Settings Interface
6 Upgrading Licenses for Domains
7 Managing Your Profile
8 Getting Support
About Comodo

Comodo cWatch Web Security - Website Administrator Guide | © 2017 Comodo Security Solutions Inc. | All rights reserved.
1 Introduction to Comodo cWatch Web Security

cWatch Web Security is a cloud-based security intelligence service built for website and domain administrators to monitor and secure their web applications from various types of attacks and threats. The console allows administrators to view statistics about attacks and security-related incidents which have been monitored and blocked on protected domains.

The cWatch service analyzes event logs from your domains in real time to identify and block attacks based on rules managed by the Comodo Cyber Security Operations Center (CSOC). It also identifies vulnerabilities in your domains based on the Open Web Application Security Project (OWASP) top ten list and blocks them automatically. Log files can also undergo expert analysis by qualified technicians in the Comodo SOC team. You can raise support tickets to attend to security-related incidents, malware removal and blacklisting/whitelisting of IPs, and to create custom rules for attack and incident reporting.

cWatch runs periodic malware scans on your domains and automatically removes identified malware.

The Content Delivery Network (CDN) service accelerates the performance of your website by delivering your website content from a data center closest to the location of a visitor.

cWatch Web Security is available in three different service levels. More details are available in License Types.

This guide explains how to purchase cWatch licenses, set up the service and use the cWatch web console.

Guide Structure:

• Introduction to Comodo cWatch Web Security
  • Purchasing a License
  • License Types
  • Add Websites
  • Logging-in to the Administrative Console
• The Main Interface
• The Dashboard
• Website Data and Settings
  • View Alerts
  • Website Overview
  • Comodo Vulnerability Scan Results
  • Comodo Malware Scan Results
  • Cyber Security Operation Center Results
  • Content Delivery Network Metrics
  • Viewing and Managing Support Tickets
  • Website Configuration
    • Configure the Website for cWatch Scanning
    • Configure CDN Settings
    • Configure Cache Settings
• The Settings Interface
• Upgrading Licenses for Domains
• Managing Your Profile
• Getting Support

1.1 Purchasing a License

Four types of cWatch license are available:

• Starter
• Pro
• Premium
• Enterprise

For more details on the services offered with each, see License Types.

You can purchase licenses at https://cwatch.comodo.com/plans.php, or from the cWatch management console after logging in at https://login.cwatch.comodo.com/login.

• Licenses are charged per-website. An enterprise license covers one primary domain and up to 10 sub-domains of the primary domain.
• You can add multiple license types to your account if you wish to implement different protection levels on different websites.
• You can associate websites with licenses in the cWatch interface. See Add Websites for more details.

To purchase a license:

• Choose a license type at https://cwatch.comodo.com/plans.php. See License Types for more details about the features of each license.
• Select the license period and enter the number of websites (domains) you want to cover with the license.
• Next, enter your details:
  • If you already have a Comodo account, select 'Existing Comodo User' and enter your username and password.
  • If you don't have a Comodo account, select 'New Comodo User'. Enter your email address and a password to create a new account.
  • Complete the payment details section.
• Read the 'End User License/Subscriber Agreement' and tick the checkbox to agree.
• Click 'Continue'.

After your order has been successfully processed, you will see an order confirmation screen.

• Your licenses are now active. You will also receive a confirmation email with your order details.
• Existing customers should next log in to their cWatch account and start registering their domains.
• New users will first need to activate their Comodo account by following the link in the account verification email.
• Register your domains:
  • Log in at https://login.cwatch.comodo.com/login
  • Click the 'Add Site' button at top-right to get started
  • See Add Websites for more help with adding and configuring websites.
1.2 License Types

cWatch offers different levels of monitoring, protection, management and CDN services to websites depending on the type of license. Four license types are available:

• Starter
• Pro
• Premium
• Enterprise

You can purchase different license types for specific websites depending on the level of protection you require for each. For more details on associating websites with respective license subscriptions, see Add Websites.

The following table shows the features and services that are available with each license type:

Feature/Service: Starter; Pro; Premium; Enterprise

Number of Websites (Unlimited Web Pages): Starter 1 domain; Pro 1 domain; Premium 1 domain; Enterprise 1 domain and up to 10 sub-domains

Detection & Removal of Known & Unknown Malware
  Stand-alone File | Embedded in Script | Database: Starter 24 hrs response; Pro 12 hrs response; Premium 6 hrs response; Enterprise 2 hrs response

Security Information and Event Management (SIEM) and 24/7 Cyber Security Operations Center (CSOC)
  CSOC Analyst: CSOC backed, CSOC backed

Malware Scan Detection / Block
  Spam & Website Filtering: plus Analyst backed 6 hrs, plus Analyst backed 2 hrs response
  Malware Detection Scan: 24 hrs, 12 hrs
  Vulnerability (OWASP) Detection Scan: Starter 24 hrs; Pro 12 hrs; Premium 6 hrs; Enterprise 2 hrs response

Web Application Firewall (WAF)
  Managed (Updates): Starter 24 hrs; Pro 12 hrs; Premium 6 hrs; Enterprise 2 hrs response for incidents
  Fine Grained Control: 2 hrs response for incidents, CSOC backed
  Bot Protection
  Scraping Protection
  Enterprise Control

Content Delivery Network (CDN)
  Bandwidth and Domains: Starter 50 GB/mo; Pro 200 GB/mo; Premium 500 GB/mo; Enterprise 1000 GB/mo
  Uptime SLA: Starter 99.99%; Pro 100%; Premium 100%; Enterprise 100%
  Speed: Starter 40/100 Gbps; Pro 10/40/100 Gbps; Premium 10/40/100 Gbps; Enterprise 10/40/100 Gbps
  Scale: Starter 10 Tbps; Pro 96 Tbps; Premium 96 Tbps; Enterprise 96 Tbps
  Layer 7 DDoS Protection: CSOC backed, CSOC backed
  Layer 3, 4, 5 & 6 DDoS Protection: CSOC backed, CSOC backed

30 Days Money Back Guarantee

1.3 Add Websites

The cWatch console lets you add and configure websites for cWatch protection and for acceleration via the content delivery network (CDN).

• The number of sites that can be added to your account depends on your license. See Purchasing a License for details about license types.
• After enrollment, you can configure threat monitoring and CDN settings for each website. See Website Configuration for more details.

To add a new domain

• Log in to cWatch at https://login.cwatch.comodo.com/login with your username and password. The dashboard will appear by default.
• Click 'Add Site' at top-right to start the 'Add Websites' wizard.
The wizard contains four steps:

• Step 1 - Register your website
• Step 2 - Select License
• Step 3 - HTTP Protocol Settings
• Step 4 - Finalization

Step 1 - Register your website

• Enter the name of the website you wish to register. Do not include 'www' at the start.
• Click 'Continue Setup' to continue.

Step 2 - Select License

Next, choose the license type you wish to apply to the site. cWatch features and CDN traffic limits vary according to the license type. See License Types for more details.

• The drop-down displays all licenses that you have purchased.
• Choose the type of license you wish to associate with the domain you entered in step 1.
• Click 'Continue Setup' to proceed.
• See Purchasing a License if you need help to purchase more licenses.
• Each 'Enterprise' license covers up to ten sub-domains of a primary domain.
  • You have to specify each sub-domain after registering the primary domain.
  • You should select 'Enterprise' as the license type for each sub-domain for it to be covered under the license of the primary domain.
  • Each sub-domain has to be configured separately for malware scanning and the CDN service. See Website Configuration for more details.

Step 3 - HTTP Protocol Settings

Specify whether your website uses the HTTP or HTTPS protocol. If it uses HTTPS, you can also select the SSL certificate used to secure the site.

• Select the protocol from the drop-down. The available options are:
  • HTTP - Choose HTTP and click 'Finish'. The wizard will move to Step 4 - Finalization.
  • HTTPS - Choose HTTPS and enter the details of the certificate to be used.
You need to upload the SSL certificate of the website and its private key. You should also upload any intermediary certificates.

SSL Protection Settings - Table of Parameters

Parameter: Description

Name: Enter a descriptive name for the certificate. This will be used to identify it in cWatch.

Certificate: Paste the content of your certificate. The content you are looking for is a block of text that starts with '-----BEGIN CERTIFICATE-----' and ends with '-----END CERTIFICATE-----'.

SSL Chain Certificate: If your certificate contains an intermediate certificate then paste it here. If not, leave this field blank.

Certificate Key: Paste the private key of your certificate.

Tip: You can skip uploading the SSL certificate at this time by selecting HTTP from the drop-down. You can switch the protocol to HTTPS and select the certificate at any time in the Malware Scan Settings interface of the website. See Configure the Website for cWatch Scanning for more details.

• Click 'Add Certificate and Finish'. The wizard will move to Step 4 - Finalization.

Step 4 - Finalization

• The final step indicates configuration is complete.
• cWatch will generate a CNAME DNS record for the website you have just enrolled.
• You need to add this record to the DNS entry for your domain to route your site traffic through the CDN. Your web host may be able to help you with this step. Guidance is also available at https://support.google.com/a/topic/1615038?hl=en.
Tip: You can skip this step for now and add the CNAME entry to the DNS records at any time. The CNAME entry will be available in the 'CDN Settings' area of the website. See Configure CDN Settings for more details.

• Click 'Get Started'.

Your new website will be added to your account. All features will be activated as per the license chosen for the site.
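Before pasting values into the 'Certificate', 'SSL Chain Certificate' and 'Certificate Key' fields of Step 3, it is worth confirming locally that they belong together. The shell functions below are an added example, not part of the Comodo guide; they use the openssl command-line tool, and the PEM file names passed to them are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the Comodo guide): local sanity checks for the PEM
# files whose contents go into the 'Certificate', 'SSL Chain Certificate' and
# 'Certificate Key' fields. All file names are hypothetical.

# Print the SHA-256 of the DER-encoded public key held in a cert or a key.
pubkey_fingerprint() {    # $1 = "cert" or "key", $2 = PEM file
    local pem
    if [ "$1" = cert ]; then
        pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    else
        # "-passin pass:" makes a passphrase-protected key fail, not prompt.
        pem=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    fi
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 if the private key belongs to the certificate.
key_matches_cert() {      # $1 = certificate PEM, $2 = private key PEM
    local c k
    c=$(pubkey_fingerprint cert "$1") || return 1
    k=$(pubkey_fingerprint key "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Return 0 if the certificate parses and its notAfter date is in the future.
cert_not_expired() {      # $1 = certificate PEM
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Return 0 if the first certificate in the chain file has the subject that
# the site certificate names as its issuer. This is a name comparison only;
# it catches a wrong intermediate but does not verify the signature.
chain_names_issuer() {    # $1 = site certificate PEM, $2 = chain PEM
    local want have
    want=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
    have=$(openssl x509 -in "$2" -noout -subject_hash 2>/dev/null) || return 1
    [ "$want" = "$have" ]
}

# Run every check, print one line per problem, return the number of failures.
preupload_check() {       # $1 = certificate, $2 = key, $3 = chain (optional)
    local fails=0
    if ! key_matches_cert "$1" "$2"; then
        echo "FAIL: key does not match certificate, or key is unreadable"
        fails=$((fails + 1))
    fi
    if ! cert_not_expired "$1"; then
        echo "FAIL: certificate has expired or cannot be parsed"
        fails=$((fails + 1))
    fi
    if [ -n "${3:-}" ] && ! chain_names_issuer "$1" "$3"; then
        echo "FAIL: chain certificate subject is not the certificate's issuer"
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "OK: values are consistent"
    return "$fails"
}

# Usage: ./preupload.sh site.pem site.key [chain.pem]
if [ "$#" -ge 2 ]; then
    preupload_check "$@"
fi
```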
• Repeat the process to add more websites.

1.4 Logging-in to the Administrative Console

You can log in to the cWatch admin console at https://login.cwatch.comodo.com/login using any browser.
• If you are logging in for the first time, use the username and password given in the cWatch account creation email. After your first login we strongly recommend you change your password for security reasons.

2 The Main Interface

The cWatch dashboard contains an at-a-glance summary of the security of your monitored websites. Links to all major areas of the interface are shown on the left. The right-hand pane displays data for the selected item.

Settings, profile options and the logout button are shown at the top-left:

• Settings - Displays all domains which you have added to cWatch. 'Manage Settings' allows you to configure scan, FTP, CDN and SSL settings. Refer to The Settings Interface for more details.
• Profile - Displays your profile screen. From here you can change your contact details, alert settings and password. Refer to Managing Your Profile for more details.
• Logout - Allows you to log out of cWatch.

The left-hand menu contains a link to the dashboard and lists all domains added to your account. Click on a domain name to reveal domain options:

• Dashboard - Overall statistics on all domains that are protected and managed.
• Clicking on a domain name opens the following sub tabs:
  • Alert - Shows all notifications about malware and vulnerabilities discovered on the website. See View Alerts for more details.
  • Overview - At-a-glance summary of security status and CDN performance. See Website Overview for more details.
  • Vulnerabilities - Lists all threats in the OWASP top ten that have been blocked by cWatch. You have options to run on-demand vulnerability scans on the website at any time. Refer to Comodo Vulnerability Scan Results for more details.
  • Malware - Summary of the number of files scanned so far and their trust levels. You have options to run an on-demand malware scan on the website at any time and submit tickets to remove any identified malicious files. See Comodo Malware Scan Results for more details.
  • CSOC - Shows a real-time analysis of attack patterns on your website from the Comodo Security Operations Center. See Cyber Security Operation Center Results for more details.
  • CDN Metrics - Shows data about your content delivery network traffic. This includes total usage, data throughput and the locations from which your traffic originated. See Content Delivery Network Metrics to find out more.
  • Ticket - Allows you to view, open and manage your support requests for the website. You can create tickets to request Comodo to whitelist or blacklist items or to clean malware from your website. See Viewing and Managing Support Tickets to learn more.
  • Settings - Allows you to view and configure cWatch protection settings for your website. See Website Configuration to know more.

Help and Support:

The footer bar contains the copyright details and links and options to get help and support.

• Click the 'Terms and Conditions' link to view the End User License Agreement for cWatch Web Security.
• Click the 'Help' link to view the online help guide for Comodo cWatch at https://help.comodo.com/topic-285-1-848-11000-Introduction-to-Comodo-cWatch-Web-Security.html.
• Click the 'Live Chat' button to get instant chat support from technicians at Comodo. See Getting Support for more details.

3 The Dashboard

The dashboard shows a top-level summary of the security of all protected websites and sub-domains on your account. This allows you to quickly identify issues and effectively track the risks associated with your websites. Further details on each domain are listed underneath the main graphics.

• Click 'Dashboard' on the left to open the dashboard.
• Click 'Simple View' or 'Advanced View' at top-right to change the level of detail shown on the dashboard.
Comodo cWatch Web Security - -Website Administrator Guide Site Risk Levels Site Risk Levels - Shows the combined risk level of all websites registered with cWatch. The risk level will change as threats are identified and/or mitigated. The possible risk levels are: Critical (C) Very High (VH) High (H) Low (L) Safe (S) Unknown (U) • • • • • • Place your mouse over a sector to see the percentage of domains in that risk category. Attacks Blocked Attacks Blocked - Shows attacks identified and blocked by cWatch on registered websites. Place your mouse over a sector to view the quantity of attacks blocked on a particular domain as a percentage of overall attacks. • • Click on a sector to view the attack details page for that website. See Cyber Security Operation Center Results Cyber Security Operation Center Results for more info. • Malware Malware - Shows malware identified by cWatch on registered websites. Place your mouse over a sector to view the quantity of malware found on a particular website as a percentage of overall discovered malware. • Click on a sector to view the Malware Scan Results page for that website. See Comodo Malware Scan Results Comodo Malware Scan Results for more info. • Vulnerabilities Vulnerabilities - Shows vulnerabilities identified by cWatch on registered websites. Place your mouse over a sector to view the quantity of vulnerabilities identified on a particular website as a percentage of overall discovered vulnerabilities. • Click on a sector to open the 'Vulnerabilities' page for that website. See Comodo Vulnerability Scan Results Comodo Vulnerability Scan Results for more details. • There are two ways to view the dashboard: Simple View Simple View Displays overall statistics on all domains in terms of 'Risk level', 'License Type' , 'License Expiry' and their 'Latest Scans'. Comodo cWatch Web Security - Website Administrator Guide | © 2017 Comodo Security Solutions Inc. | All rights reserved. 19
Comodo cWatch Web Security - -Website Administrator Guide Dashboard - Simple View Dashboard - Simple View Column Header Column Header Description Description Site Name of the website. Click the '+' icon beside the site name to view the security status of the website with respect to features covered by the license type active on the website. See 'View Security Status of a Website View Security Status of a Website' for more details • Risk Level The threat exposure level of the website. The possible values are: Critical (C) Very High (VH) High (H) Low (L) Safe (S) Unknown (U) • • • • • • License Type The type of license the domain. For more details on the features and CDN traffic limits covered by different license types, see License Types License Types. Expiration Date The expiry date of the currently active license. Last Vulnerability Scan Date and time of the most recent vulnerability scan on the site. cWatch regularly scans your websites to protect them against the types of vulnerabilities published in the Open Web Application Security Project (OWASP) top ten list. • Any threats discovered will be automatically blocked. You can also run on- demand scans on the website as and when required. • The results of the scans are displayed in the 'Vulnerabilities' page for the website. See Comodo Vulnerability Scan Results Comodo Vulnerability Scan Results for more details. • Last Malware Scan Date and time of the most recent virus scan on the site. cWatch scans all files on websites configured for malware scanning. • You can set a schedule for these scans and can also run on-demand scans when required. • The results of the scans are displayed in the 'Malware Scan' page. See Comodo Malware Scan Results Comodo Malware Scan Results for more details. • View Security Status of a Website View Security Status of a Website Click the '+' icon beside a website name to open its security status details pane. 
• Comodo cWatch Web Security - Website Administrator Guide | © 2017 Comodo Security Solutions Inc. | All rights reserved. 20
Comodo cWatch Web Security - -Website Administrator Guide Each tile shows the security status of features covered by the various license types. The number of tiles you see depends on the website's active license type. License Type License Type Tiles Displayed Tiles Displayed Starter Starter Pro Starter and Pro Premium Starter, Pro and Premium Enterprise Starter, Pro, Premium and Enterprise Advanced View Advanced View The 'Advanced View' shows security statistics according to your license type. The higher the license type you have, the more security components you will see. For example: If your domain has a 'Starter' license, then 'Advanced View' will only show details of starter license security components. • If your domain has the 'Pro' license type, then you will see the status of both starter and pro security components. • 'Enterprise' licenses contain the full complement of security components. • Comodo cWatch Web Security - Website Administrator Guide | © 2017 Comodo Security Solutions Inc. | All rights reserved. 21
Similar to the Simple view, you can view more information on each website by clicking the plus symbol beside the domain name.

Register New Domain: Allows you to add a new domain to your website. Refer to the section Add Websites for more details.
4 Website Data and Settings

cWatch displays panoramic data about all events occurring on your website. These include attacks monitored and blocked, the results of malware and vulnerability scans, and attacks identified from event logs based on pre-defined correlation rules. You can also create support tickets to have Comodo support technicians analyze attacks and add IP addresses/files to the whitelist or blacklist. The support team at Comodo will create rules as per your request and apply them to your account.

Click a website on the left to open the following options:
• Alerts - View any alerts generated after cWatch scans on your website. Refer to View Alerts for more details.
• Overview - Displays statistics about your protected website and your cWatch environment. This includes tickets, service summary, vulnerability/malware scans, CSOC and CDN Metrics. See Website Overview for more details.
• Vulnerabilities - Displays a list of vulnerabilities discovered on the website by vulnerability scans. You can also run new scans from this area. You have the option to submit a ticket to Comodo to request removal of the vulnerabilities. Refer to Comodo Vulnerability Scan Results for more details.
• Malware - Displays the results of malware scans on the website. You can also run new scans from this area. Before you can run a malware scan, you first need to download a PHP file from settings. If required, you can submit a ticket to Comodo to remove malware. Refer to Comodo Malware Scan Results for more details.
• CSOC - Displays granular details about attacks identified on your website. This includes their origin, the trend of attacks over time, attacks blocked by cWatch and the top ten target URLs. Refer to Cyber Security Operation Center Results for more details.
• CDN Metrics - Displays information about your traffic usage over the CDN (content delivery network). See Content Delivery Network Metrics for more details.
• Tickets - Displays a list of tickets generated for the website and allows you to create new tickets. Refer to Viewing and Managing Support Tickets for more details.
• Settings - Allows you to view and configure cWatch protection settings for the website. See Website Configuration to know more.
4.1 View Alerts

cWatch alerts will be generated when malware or vulnerabilities are detected on your domains. You have the option to submit a ticket to Comodo to resolve any issues identified in an alert.

To view alert messages:
• Click the name of the website on the left side of the interface and then 'Alert'.

Alerts are sorted into various categories, including 'Vulnerabilities', 'Malware found', 'Attacks' and 'Ticket details'.
• 'Open a ticket to request this malware is removed.' - Allows you to create and submit a request to have the malware removed by Comodo technicians.

4.2 Website Overview

The 'Overview' page summarizes security, traffic and visitor activity on your website.

To open the page:
• Select a website on the left and choose 'Overview'.
Page Views Count - Displays the number of times your webpages were viewed by your visitors.
• You can choose the time period using the slider at top-right.
• Select a portion of the graph to zoom in.
• Place your mouse on the graph to view the number of views at that point in time.
Security Operation Center Tickets - Displays the number of support tickets created for the website. Tickets are broken down by status.

Service Summary - Displays the following key statistics from your cWatch environment:
• Risk Level - Indicates the overall risk level of the website. This is derived from identified attacks, vulnerabilities and malware found by website scans. The possible values are:
  • Critical
  • Very High
  • High
  • Low
  • Safe
• Escalated Alerts - Number of tickets which were assigned to higher ranking technicians by a support team member.
• Managed WAF Operations - Number of tasks in progress by Comodo security technicians working on the web application firewall. Tasks can include updating or optimizing the firewall rules.
• Malware Analysis & Removal - The results of behavior analysis run on unknown files which were placed in the sandbox.
• Virtual Patching - Displays the number of immediate and preventive measures taken to address the vulnerabilities.
• Reputation Retrieval (Blacklist Removal) - cWatch checks whether your website is present on a range of website blacklists. If it is listed on such a blacklist, cWatch removes any malware or vulnerabilities that may be causing the listing. The 'Reputation Retrieval' field indicates the number of blacklists from which the website was released by cWatch.

Cyber Security Operation Center

The 'Cyber Security Operation Center' pane displays key information from cWatch security modules, including 'Web Application Firewall', 'Malware Removal', 'Blacklist Removal' and 'Virtual Patching'. The number of tiles you see depends on your cWatch license. Each tile shows one of the following statuses:
- The website is safe.
- The website is at risk. You can open a Security Operations Center ticket to remediate the threat.
- The website has not yet been scanned.
• Click a red alert icon to view detailed results and open the ticket creation interface. See 'Cyber Security Operation Center Results' for more details.

Malware Scan

The 'Malware Scan' tiles show the results of malware scans on your domain in four tiles: 'Shell & Backdoor', 'Injection and Bot', 'Defacement & Spam SEO' and 'Malware'. The number of tiles you see depends on your cWatch license. Each tile shows one of the following statuses:
- The website is safe.
- The website is at risk. You can open a Security Operations Center ticket to remediate the threat.
- The website has not yet been scanned.
• Click a red alert icon to view detailed results and open the ticket creation interface. See 'Comodo Malware Scan Results' for more details.

Vulnerabilities

The 'Vulnerabilities' tiles show the results of scans on your domain for the top 10 OWASP threats. cWatch automatically blocks any OWASP threats it finds. The number of threats found in each category is shown in a separate tile:
- The website is safe.
- The website is at risk. You can open a Security Operations Center ticket to remediate the threat.
- The website has not yet been scanned.
• Click a red alert icon to view detailed results and open the ticket creation interface. See 'Comodo Malware Scan Results' for more details.

Content Delivery Network
The 'Content Delivery Network' pane shows live data about your service usage. You can configure your website to use the CDN service by adding a CNAME to your DNS record. If you have not yet configured the CNAME record, no data will be shown here.
• Click the yellow information icon to start the configuration process. The CNAME record for your website is generated by cWatch and can be found in 'Settings' > 'CDN Settings'. See Configure CDN Settings for more details.
• See Content Delivery Network Metrics for more details about CDN statistics.

4.3 Comodo Vulnerability Scan Results

cWatch periodically scans your websites against the types of vulnerabilities published in the Open Web Application Security Project (OWASP) top ten list. It automatically blocks any of these threats that it discovers.
• The 'Vulnerabilities' page shows the last ten scheduled and manual scans run on the website. Each scan row shows the number of vulnerabilities blocked and their security risk levels.
• The interface also allows you to view the number of threats in each OWASP category that were blocked by cWatch on each scan. You can view a description of each vulnerability category.
• You can also view the pages on which the vulnerabilities were found and can submit support tickets to have the offending malware removed (Premium license required).
• The page also allows you to run on-demand vulnerability scans on the domain.

Background. OWASP is an online community that collects critical domain security issues worldwide and periodically publishes the top ten vulnerability categories. These categories help to protect websites against serious web-app security flaws. cWatch checks whether your registered domains are vulnerable to the tests in the OWASP top ten and allows you to take remedial actions on those that fail.
• Click on a registered domain on the left and choose 'Vulnerabilities' to open the 'Vulnerabilities' page.
Vulnerability Scans - Column Descriptions

Column Header - Description
Scan Date - Date and time at which the scan was run.
High, Medium, Low and Information - Number of vulnerabilities found in each risk level.
OWASP Score - The number of OWASP top-10 threat categories passed by your site.

Viewing Detailed Scan Results of a Selected Scan
• Click a row from the table of scans to view its investigation details.
• The pie chart shows the breakdown of vulnerabilities by risk level and the overall security status.
• The list below the pie chart shows the total number of threats identified and blocked in each of the top ten OWASP vulnerability categories.
• Select an attack category to view its description.
• You can also view the webpages and URIs associated with those vulnerabilities and create support tickets for CSOC staff to remove them. See the description of Viewing Vulnerability Details and Creating Support Tickets below for more details.

Viewing Vulnerability Details and Creating Support Tickets
• Click an attack category to view its details.
The 'Vulnerability Details' pane will display a list of threats identified under the chosen category, along with the number of webpages and URIs infected by the threat.
• Click on a threat name to expand the pane.
The list of infected webpages and URIs will be displayed with their severity levels. You can also view a detailed description of the vulnerability and guidance to prevent the attacks.
• Select the webpages/URIs from which the vulnerability has to be removed and click 'Add Ticket'.
A confirmation dialog will ask you to confirm the request.
• Click 'OK'.

A new ticket will be created and submitted. You can track your submitted tickets from the 'Tickets' interface. See Viewing and Managing Support Tickets for more details.

Note: The manual vulnerability removal feature is only available for domains with a premium license.

Configure Scheduled Scans

By default, cWatch automatically runs weekly vulnerability scans on your website. Switch the scans 'Off' if you don't want cWatch to run automatic scans.
On-demand Vulnerability Scans
• To start an on-demand scan, click 'Start Scan'.

The vulnerability scan on the domain will start. Alerts will be generated if any vulnerabilities are found. You can view the details about detected vulnerabilities in the 'Vulnerabilities' interface.

4.4 Comodo Malware Scan Results

To configure your website for cWatch scans, you need to:
• Download a .php configuration file from the cWatch console
• Save it on each registered website that you wish to protect
See Configure the Website for cWatch Scanning for more details.
• cWatch will then run scheduled scans on all files hosted on the website.
• cWatch Web Security uses a range of malware detection mechanisms to identify threats on your website:
  • Comodo Cloud - Identifies malware using the cloud-based Comodo File Lookup System (FLS)
  • CWW - Uses heuristic technologies to identify malware
  • Dynamic - Uses signature-based malware detection
• The 'Malware Scan' page shows the last ten scheduled and manual scans run on the website. Each scan row shows the number of files scanned, the number of malicious files found and the number of those files which were automatically deleted. The last column shows the overall infection status of the site.
• You have the option to submit a support ticket to Comodo to request the manual removal of the malware. You may also request that files are added to the blacklist or whitelist.
• The page also allows you to run on-demand malware scans on the website.

Note: The manual malware removal feature is available only for websites with 'Pro' and 'Premium' license types.
• Click on a registered website on the left and choose 'Malware' to open the 'Malware Scan' page.

Malware Scans - Column Descriptions

Column Header - Description
Scan Date - Date and time at which the scan was run.
Total Files Scanned - The number of files scanned during that malware scan session.
Malware Found - The number of malware files identified during that malware scan session.
Removed Automatically - The number of malware files that were automatically removed by cWatch. cWatch automatically removes malicious items for which a disinfection routine exists. Items that could not be removed by cWatch should be manually removed from your website. If required, you can create a CSOC ticket to get certified technicians from Comodo to remove those items. See Viewing and Managing Support Tickets for more details.
Status - Indicates the infection status of the domain.
- The domain is safe.
- The domain is infected. You can create SoC tickets to remove identified malware.
- The domain is not yet scanned.
• Click a row in the table of scans to view malware identified during the scan.

Malware Found - Column Descriptions

Column Header - Description
Detection - Indicates whether the item is identified as Malware or Suspicious.
Malware Name - Displays the name of the item.
Path - Indicates the file path on the web server at which the item was found.
Automatic Removal - Indicates whether the malware was deleted automatically by cWatch.
Action - Allows you to take a remedial action on the item. Refer to the explanation below for more details.
• To take a remedial action on an item, click the hamburger icon in the 'Action' column.
• Add to Whitelist - If you think an item is a false positive and can be trusted, choose 'Add to Whitelist'. An 'Add Ticket' dialog will appear, enabling you to create a support ticket to add the item to the whitelist. Once accepted, the item will be skipped in future scans on the domain.
• Remove Malware - If you want the item to be removed from the domain, choose 'Remove Malware'. An 'Add Ticket' dialog will appear, enabling you to create a ticket to remove the item. cWatch technicians will attend to the issue and remove the malware item manually.

You can track your submitted tickets from the 'Tickets' interface. Refer to Viewing and Managing Support Tickets for more details.

4.5 Cyber Security Operation Center Results

The Cyber Security Operation Center (CSOC) is a team of dedicated analysts at Comodo who monitor and remediate threats discovered by Comodo's enterprise security solutions. The CSOC team monitors the event logs of registered websites and constantly updates security rules to deliver unrivaled, real-time protection for our users. CSOC generates alerts whenever it identifies and blocks an attack. These can be viewed in the 'Alerts' section. See View Alerts for more details.

The CSOC interface contains a range of charts which show detailed statistics about attacks that were identified and blocked on your website.
• Click the name of a website on the left then choose 'CSOC' to open the results interface.
• The slider at the top right allows you to choose the time period for which you want to view the statistics.

WAF Blocked

The 'WAF Blocked' chart shows a timeline of attacks blocked by the Web Application Firewall based on constantly updated firewall rules.
• Place your mouse on the chart line to see the exact number of attacks blocked at that point in time.
• Click and drag on a point on the line to zoom in on a particular time range. Click 'Reset Zoom' to return to the original view.

DDOS Blocked

This chart shows a timeline of Distributed Denial-of-Service (DDoS) attacks blocked by cWatch, allowing you to easily track threat activity over time.
• Place your mouse on the chart line to see the exact number of attacks blocked at that point in time.
• Click and drag on a point on the line to zoom in on a particular time range. Click 'Reset Zoom' to return to the original view.
Threat Source

The 'Threat Source' pie-chart shows the breakdown of blocked threats based on their source type. For example, this chart may show blocked traffic from blacklisted IPs and threats blocked by firewall rules.
• Place your mouse over a sector to see the total number of attacks from a particular source type.

Threat Category

The 'Threat Category' pie-chart shows a breakdown of blocked threats by threat category. For example, this chart might show categories such as cross-site request forgery, form submission validation errors and threats identified by heuristic rules.
• Place your mouse over a sector to see the total number of attacks from a particular source type.

4.6 Content Delivery Network Metrics

• Your cWatch license includes a content delivery network (CDN) service for your websites. The service will improve page load-times for your customers and improve the reliability/uptime of your site.
• You can configure your websites to use the service by adding a CNAME entry to your DNS records.
• The CNAME entry is generated by cWatch. See Add Websites and Website Configuration for more details.

Once configured, the CDN service will:
• Accelerate performance by delivering your website content to your visitors from data centers closest to their location. The amount of CDN traffic available for a website depends on the cWatch license active on it. See License Types for more details.
• Forward event logs to the Comodo CSOC team, who will monitor the traffic to identify anomalous behavior and threats.
• Provide Comodo web application firewall protection for your domains. The CSOC team constantly improves the ModSecurity rules in the Comodo web application firewall to provide cutting edge protection for our customers.

The Content Delivery Network (CDN) Metrics page for a website displays statistics on your CDN usage and traffic throughput.
• Click a website name on the left then choose 'CDN Metrics'.
• The slider at the top right allows you to choose the time period for which you want to view the statistics.
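The CNAME step described above can be checked against an exported copy of your DNS zone before you expect data on the 'CDN Metrics' page. The following is an added example, not part of the Comodo guide or of cWatch itself; the zone contents, host names and the CNAME target `cdn-target.placeholder.invalid.` are constructed placeholders (use the value shown in 'Settings' > 'CDN Settings'), and the parser assumes one record per line.

```python
"""Offline check that a DNS zone carries the CDN CNAME record correctly."""

RR_TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "SOA", "TXT"}
CLASSES = {"IN", "CH", "HS"}

# Placeholder target (assumption). Use the value cWatch generates for your site.
EXPECTED_TARGET = "cdn-target.placeholder.invalid."

# Constructed sample zone for illustration only.
SAMPLE_ZONE = """
$ORIGIN example.com.
@     3600 IN SOA   ns1.example.com. admin.example.com. 1 7200 900 1209600 300
@     3600 IN NS    ns1.example.com.
@     3600 IN A     203.0.113.10
www   300  IN CNAME cdn-target.placeholder.invalid.
shop  300  IN CNAME old-host.example.net.
blog  300  IN CNAME cdn-target.placeholder.invalid.
blog  300  IN A     203.0.113.20   ; conflicts with the CNAME above
"""

FINDINGS = {
    "apex": "host is the zone apex, which cannot hold a CNAME (SOA/NS live there)",
    "missing": "no CNAME record exists for the host",
    "multiple": "more than one CNAME record exists for the host",
    "wrong-target": "CNAME does not point at the expected CDN target",
    "conflict": "CNAME coexists with other record types at the same name",
}


def absolute(name, origin):
    """Return a lower-case fully qualified name with a trailing dot."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin.lstrip('.')}"


def parse_zone(text):
    """Parse single-line records into (owner, type, rdata) tuples."""
    origin, records = ".", []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = absolute(fields[1], ".")
            continue
        if fields[0].startswith("$"):
            continue                                  # other directives ignored
        owner, rest = fields[0], fields[1:]
        # Skip the optional TTL and class columns.
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]
        if not rest or rest[0].upper() not in RR_TYPES:
            continue                                  # unsupported or malformed
        rtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if rtype == "CNAME":
            rdata = absolute(rdata, origin)
        records.append((absolute(owner, origin), rtype, rdata))
    return origin, records


def check_cdn_cname(zone_text, host, expected_target):
    """Return a list of finding codes for `host`; an empty list means OK."""
    origin, records = parse_zone(zone_text)
    fqdn = absolute(host, origin)
    target = absolute(expected_target, origin)
    at_name = [(t, d) for (o, t, d) in records if o == fqdn]
    cnames = [d for (t, d) in at_name if t == "CNAME"]
    others = {t for (t, _) in at_name if t != "CNAME"}
    findings = []
    if fqdn == origin:
        findings.append("apex")
    if not cnames:
        findings.append("missing")
    elif len(cnames) > 1:
        findings.append("multiple")
    elif cnames[0] != target:
        findings.append("wrong-target")
    if cnames and others:
        findings.append("conflict")
    return findings


if __name__ == "__main__":
    for host in ("www", "shop", "blog", "mail", "@"):
        codes = check_cdn_cname(SAMPLE_ZONE, host, EXPECTED_TARGET)
        print(host, "OK" if not codes else "; ".join(FINDINGS[c] for c in codes))
```

A host that reports 'conflict' or 'wrong-target' will keep serving traffic from the origin, so no CDN data (and none of the CDN-side protection) applies to it until the record is corrected.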
The page contains the following charts:

CDN Usage

The 'CDN Usage' pie chart shows how much CDN data your website has used of your plan quota.
• Place your mouse on a sector to view the precise amount of data used/remaining.

Request and Bandwidth by Edge Location

The 'Request and Bandwidth by Edge Location' map shows the regions from which your traffic originated. You can also view the number of access requests from each region.
• Click on a regional hot-spot to view the traffic and number of access requests from that region.
Request and Bandwidth by Region

The 'Request and Bandwidth by Region' graph shows the number of website requests and the amount of data used by each continent.
• You can choose the time period using the slider at top-right.
• Select a portion of the graph to zoom in.
• The yellow line graph shows the number of requests from different continents.
• Place your mouse on the line to view the number of requests from the respective continent.
• The green bar graph shows the bandwidth usage from different continents.
• Place your mouse on a bar to view the precise traffic bandwidth from the respective continent.

Status Codes by Types

The 'Status Codes by Types' graph shows the numbers of Hypertext Transfer Protocol (HTTP) response status codes of different types returned for requests from your website visitors.
• You can choose the time period using the slider at top-right.
• Select a portion of the graph to zoom in.
• Place your mouse on the graph to view the number of responses of that type returned at that point in time.

Status Code Distribution by Percentage

Shows the percentage of HTTP response status codes generated by your site within the set time period. HTTP status codes are as follows:
• 1xx Informational responses.
• 2xx Success.
• 3xx Redirection.
• 4xx Client errors.
• 5xx Server errors.

• You can choose the time period using the slider at top-right.
• Place your mouse on a sector to view the number of responses of that type.

Status Code Details

The 'Status Code Details' pane displays the precise HTTP response status codes returned within the selected time period. A detailed explanation of each code is available at https://en.wikipedia.org/wiki/List_of_HTTP_status_codes.
• You can choose the time period using the slider at top-right.
• Use the search box at the right to search for a particular status code.
• Click any column header to sort the items in alphabetical ascending/descending order of entries in that column.

Top File Types by Requests

The 'Top File Types by Requests' graph shows the numbers of different file types requested by your website visitors over the set time period.
• You can choose the time period using the slider at top-right.
• Place your mouse on a bar to view the exact number of files of that type served to your visitors.
• Select a portion of the graph to zoom in.

File Size Distribution by Percentage

The 'File Size Distribution by Percentage' graph shows the numbers of files of different file sizes requested by and served to your visitors from your website.
• You can choose the time period using the slider at top-right.
• Place your mouse on a bar to view the exact number of files of that size range delivered to your visitors.
• Select a portion of the graph to zoom in.

All File Types

The 'All File Types' pane displays the exact numbers of different types of files delivered to your visitors from your website within the selected time period.
• You can choose the time period using the slider at top-right.
• Use the search box at the right to search for a particular file type.
• Click any column header to sort the items in alphabetical ascending/descending order of entries in that column.

4.7 Viewing and Managing Support Tickets

cWatch allows web administrators to create support tickets for various requests, such as removal of malware and vulnerabilities from websites, whitelisting/blacklisting IP addresses, whitelisting of items so they are excluded from website scans, and more. cWatch technicians from Comodo will attend to the requests to resolve the issues.

Tickets can be created in the following ways:
• Requesting removal of malware, or the addition of a false-positive item identified by malware scanning to the whitelist, from the 'Malware' interface. Refer to Comodo Malware Scan Results for more details.
• Requesting removal of vulnerabilities identified by vulnerability scans, from the 'Vulnerabilities' interface. Refer to Comodo Vulnerability Scan Results for more details.
• Manually adding a support ticket for various activities like Phishing removal, DNS configuration, Vulnerability Removal and more. Refer to the explanation of creating a new ticket.

Once a ticket is added, certified cWatch technicians will resolve your requests and issues. You can track your submitted tickets from the 'Tickets' interface for a domain.

The 'Tickets' interface for a domain displays a list of support tickets generated for the domain with their status, and allows you to manually create new tickets and provide additional information, if needed, to resolve the issues.
• To open the 'Tickets' page for a domain, click the website name at the left and choose 'Tickets' from the options.
• The Filter Options at the top right allow you to filter the tickets based on their status.
• The pie-chart provides a breakdown of tickets by status. Placing the mouse on a sector displays the percentage of items in each category. The table on the right displays the list of tickets generated for that domain.

Open Tickets - Column Descriptions

Column Header - Description
Status - Indicates the status of the ticket. The possible values are:
• In Progress - The ticket is being attended to by a technician.
• Open - The ticket is yet to be attended to.
• Awaiting Input - The technician needs some information from you in order to resolve the issue.
Reported - The date on which the ticket was generated.
Type - Displays the type of the request as per the ticket.
Name - The name to identify the ticket.
Value - Displays the IP address or file name of the item to be blacklisted/whitelisted as per the ticket.
Description - The description of the issue.

To generate a new ticket:
• Click 'Add Ticket' at the top right of the 'Tickets' page.
The 'Add Ticket' dialog will open.

Add Ticket Dialog - Form Parameters

Form Element - Description

Type - Select the type of request from the drop-down:
• Whitelist IP - Creates a request for adding an IP address to the whitelist for the domain, so that traffic from that IP will not be intercepted. Enter the IP address to be added in the 'Value' field.
• Blacklist IP - Creates a request for adding an IP address to the blacklist for the domain, so that traffic from that IP will be blocked. Enter the IP address to be added in the 'Value' field.
• Whitelist File - Creates a request for adding an item, such as an executable file, to the whitelist for the domain, so that the item will be excluded from future website scans. Enter the full file name of the item in the 'Value' field.
• Malware Removal - Creates a request for removing an item identified as malware based on your analysis. Enter the full file name of the item in the 'Value' field.
• Blacklist Removal - Creates a request for removing the domain for which the ticket is raised from the Comodo Blacklist. The domain name will be auto-populated in the 'Value' field.
• Phishing Removal - Creates a request for removing the domain for which the ticket is raised from the list of global phishing websites. The domain name will be auto-populated in the 'Value' field.
• Other - Creates a request for other needs, such as creating new correlation rules or ModSecurity rules, attending to incidents and more. You can enter your request in the description field.
• DNS Configuration - Creates a request for adding and managing the DNS records for the domain registered with the DNS service provider/webhost. Enter the record to be registered in the 'Value' field and your request in the description field.
• Block IP - Creates a request for blocking any traffic from a specified IP address to the domain for which the ticket is created. Enter the IP address to be blocked in the 'Value' field.
• Block IP Country - Creates a request for blocking any traffic from the whole country to which a specified IP address belongs, to the domain for which the ticket is created. Enter the IP address in the 'Value' field.
• Vulnerability Removal - Creates a request for removing a vulnerability of a specified category from the domain. Enter the name of the vulnerability/attack category in the 'Value' field.