Skip to main content

Security Monitoring

Security Dashboard Navigate to Security to monitor access violations and security events.

Dashboard Components

Security Alerts - Click “Review” to see details in Audit Logs:
  • Policy Denied Actions
  • Failed Authentication Attempts
  • Authentication Error
  • Login Failed
Top Blocked Servers - MCPs with most access denials
  • High counts may indicate missing access policies
Top Blocked Users - Users with most blocked attempts
  • May need access or training
Policy Denials Timeline - Violations over time Security Violations Timeline - Security scanner detections:
  • Input: Suspicious requests to MCPs
  • Output: Suspicious responses from MCPs
  • Includes activity from both users and Agents
Most Common Security Violation Reasons - Specific threats detected Token Masking - Tool Call Guard automatically masks sensitive tokens detected in MCP responses, including API keys, OAuth tokens, AWS credentials, database connection strings, and more.

Responding to Issues

High blocks for one user: Grant access or investigate unauthorized attempts High blocks for one server: Review if team needs access Spike in violations: Potential security incident - escalate Repeated auth failures: Fix credentials or detect attack

Audit Logs

View detailed activity logs

Security Best Practices

Security guidelines