- View alerts and cases that apply to their tenant
- Collaborate via comments (two-way)
- Track status updates (open/closed)
- View agents/endpoints associated with their tenant
- Share/receive case files (uploads)
Security note: treat the Customer Portal as an Internet-facing app only when it’s deployed behind a WAF / reverse proxy (and ideally a VPN). If you find security issues, please open a GitHub issue so we can address them.
Architecture (high level)
- CoPilot Admin UI: for internal SOC/admin work (full platform visibility)
- Customer Portal UI: separate container/service with limited customer-facing functionality
8443).
Enable the Customer Portal (Docker Compose)
- Edit your
docker-compose.ymland uncomment/add thecopilot-customer-portalservice.
- Pull + start:
- Access:
https://<your_instance_ip_or_hostname>:8443
Recommendation: expose only the Customer Portal externally (not the admin UI), and front it with a WAF/reverse proxy.
Customize branding (title + logo)
In the CoPilot Admin UI, there is a Customer Portal section where you can:- Set the portal title
- Upload/update the portal logo
Create Customer Portal users
Customer users are created in the CoPilot Admin UI:- Go to Users
- Create user
- Select role:
customer_user - Set an initial password (user can change after first login)
Assign a user to a customer (tenant)
After creating the user, assign them to one or more customers. Their portal view will only show alerts/cases/agents for the customer(s) they’re assigned.Collaboration model (alerts + cases)
Comments (two-way)
- SOC analysts can comment on an alert/case in the admin UI
- Customers can reply from the Customer Portal
- Both sides see the same comment thread
