Skip to content
MCPFirewall

Security Log

The Security Log is the third tab on the Monitor page. It aggregates security events into a visual dashboard so you can see threats at a glance.

Hero cards

Section titled “Hero cards”

Four cards summarize security activity for the selected time range:

  • Threats Blocked (red): tool calls that were blocked by the scanner or denied by policy
  • Secrets Protected (green): outputs that were redacted by the scanner, plus OAuth tokens stored in the vault
  • Scanner Detections (accent): total items flagged by the sensitive data scanner
  • Approvals Required (amber): tool calls that were denied pending approval

Click any card to filter the incidents list below to that category.

Timeline chart

Section titled “Timeline chart”

A line chart shows security events over time, broken down by type: blocks (red), redactions (amber), and approvals (accent). Toggle between 24-hour, 7-day, and 30-day views.

Per-server risk

Section titled “Per-server risk”

A table shows which servers generate the most security events. Each row shows the server name, scanner event count, approval event count, and total. This helps you identify servers that may need stricter rulesets.

Recent incidents

Section titled “Recent incidents”

An expandable list of individual security events. Filter by category using the pills at the top:

  • All: everything
  • Blocks: tool calls blocked by the scanner or denied
  • Redactions: outputs where sensitive data was masked
  • Approvals: tool calls that required approval and were denied
  • Scans: items the scanner flagged but only logged (not blocked)

Each incident shows the tool name, server, incident type badge, and timestamp. Expand it to see the full details: deny reason, scanner action, matched patterns, and server ID.

Drill-through to Activity Log

Section titled “Drill-through to Activity Log”

Click the external link icon on any incident to jump to the Activity Log tab. The view auto-filters to the relevant server and highlights the matching entry with a pulse glow animation so you can find it instantly.

Data sources

Section titled “Data sources”

The Security Log pulls from the audit log and scanner detection tables. It computes aggregates on the fly for the selected time range. The data refreshes when you switch ranges or tabs.