Managing Applications
The Applications page shows all MCP-enabled applications detected across your organization and lets you control which ones are protected.
Viewing Applications
Navigate to Applications in the sidebar to see all detected applications.
What You See
Each application displays:
- Name and icon - Visual identifier
- Protection status - Whether it's currently protected
- MCP servers - Number of configured servers
- Device - Which machine it's running on
- User - Who owns this application
- Last activity - Recent interaction time
Protection Status
| Status | What It Means |
|---|---|
| Protected | Actively monitoring all MCP communications |
| Unprotected | Detected but not yet secured |
| Pending | Protection is being activated |
| Error | Issue preventing protection |
| Offline | Application not currently running |
Enabling Protection
To protect an application:
- Find the application in your list
- Toggle Enable Protection on
- Restart the application when prompted
The application must be restarted for protection to take effect.
What Protection Does
When enabled, CyberCage:
- Routes all MCP server communications through the agent
- Analyzes requests and responses for threats
- Blocks malicious activity based on your policies
- Logs all activity for audit purposes
- Blocks unknown servers until approved
Disabling Protection
You may need to temporarily disable protection for:
- Troubleshooting connectivity issues
- Testing new MCP servers in development
- Emergency access during outages
To disable:
- Toggle protection off
- Confirm the security warning
- Restart the application
Remember to re-enable protection as soon as possible.
Application Details
Click any application to view detailed information:
Overview Tab
- Application version and platform
- Current protection status
- Device and user information
- Last synchronization time
MCP Servers Tab
View all MCP servers configured in this application:
- Server name and type (STDIO or HTTP/SSE)
- Approval status (Approved/Pending/Blocked)
- Configuration scope (user-level or workspace-specific)
- Recent activity
- Quick approve/block actions
Activity Tab
Recent events for this application:
- Protection status changes
- Configuration updates
- Server additions or removals
Threats Tab
Security incidents specific to this application:
- Threat type and severity
- Which server triggered the detection
- Action taken (blocked or allowed)
- Link to full investigation
Filtering and Searching
Quick Filters
- By status (Protected, Unprotected, Error)
- By device
- By user
- By application type
Search
Search by application name, device name, user email, or server name.
Bulk Operations
Select multiple applications to:
- Enable or disable protection for several apps at once
- Export application list for reporting
- Apply policy changes to groups of applications
Common Tasks
New Developer Onboarding
When a new developer joins:
- Wait for their applications to appear (usually within 5 minutes of daemon installation)
- Select all their applications and enable protection in bulk
- Ask them to restart their applications
- Verify all show as "Protected"
Investigating User Issues
When a user reports problems:
- Search for their applications by email or device name
- Check the protection status
- Review the Activity tab for recent changes or errors
- Check the Threats tab for blocked requests
- Take appropriate action (adjust policies, unblock server, etc.)
Troubleshooting
Application Not Appearing
If an application isn't showing up:
- Verify the application is MCP-enabled and supported (see Applications)
- Confirm the daemon is running:
cybercage status - Check that the application has MCP servers configured
- Wait up to 5 minutes for the next sync
- Verify the configuration file exists in the standard location for that application
Protection Won't Enable
If toggling protection doesn't work:
- Check the error message in the Activity tab
- Verify the user has necessary permissions
- Ensure the application is running the latest version
- Check for conflicting security software
- Contact support with error details
Status Keeps Changing
If protection keeps switching on/off:
- Check if the application is auto-updating
- Verify the user isn't manually editing MCP configuration files
- Look for daemon connectivity issues in Fleet Management
- Review device health status
Integration with Other Features
MCP Catalog - Server approval status in the catalog affects all applications using that server. Servers detected from applications are automatically added to the catalog.
Threats - Threats are linked to the specific application that triggered them. Navigate between threat reports and source applications.
Fleet Management - Each application is protected by a specific daemon. View daemon health and connectivity status.
Next Steps
- MCP Catalog - Approve or block servers used by applications
- Threat Reports - Investigate security events
- Fleet Management - Monitor agent health across devices