Skip to content

Dashboard Guide

The ScreenStop Dashboard is the central management console for all protected workstations. From here, IT administrators can monitor events, push configuration changes, and control detection behavior across the fleet.

Dashboard Overview

Accessing the Dashboard

The dashboard is a web application hosted on your organization's server.

Default credentials (change after first login):

Role Username Password
Admin admin admin

Station List

The main view shows all registered stations:

Station List

  • Status indicator — green when online, grey when last seen >5 min ago
  • Last seen timestamp
  • Device ID — unique identifier per machine
  • Detection events count

Stations register automatically the first time ScreenStop runs and contacts the dashboard.

Event Feed

Each station reports events in real time:

Events Explorer

Event Type Trigger
phone Phone pointed at screen
unauthorized_face Unrecognized person detected
shoulder_surfing Multiple faces detected
unattended No face detected for configured duration
camera_covered Camera lens blocked
usb_blocked USB drive ejected (USB Protection active)
usb_detected USB drive detected (Audit Mode — no eject)
print_blocked Print job cancelled (Print Protection active)
print_detected Print job detected (Audit Mode — no cancel)
camera_error Camera disconnected or read failure — station retries for 30s, then marks itself offline

Events include a timestamp, device ID, confidence score, and detection details. Events with Debug Mode active include a camera frame — click the camera icon in the event row to view the snapshot.

Departments

Departments group stations and push a shared policy to all stations in the group.

Departments List Policy changes apply to all stations in the department within ~5 seconds.

To create a department:

  1. Go to Departments > New Department
  2. Name it (e.g. "Finance", "HR", "R&D")
  3. Assign stations to the department

New Department

Department Policy (v2.0)

Each department has an Endpoint DLP policy card and an Audit & Capture Policy card. These settings are pushed to all stations in the department automatically.

Department Configuration

Audit Mode

Enables silent monitoring — detections fire and events are logged, but no action is taken (no lock, no blur, no USB eject, no print cancel).

To enable Audit Mode:

  1. Go to Departments > select a department
  2. Open the Audit & Capture Policy card
  3. Toggle Audit Mode on
  4. Click Save — all stations in the department switch to audit mode within ~5 seconds

Tip

Run Audit Mode for 1–2 weeks before enforcing policy. Review the event feed to baseline normal behaviour and tune detection sensitivity. Then disable Audit Mode to go live.

Capture Mode (Department Policy)

Saves a camera snapshot to local disk on the station for every detection event.

To enable Capture Mode:

  1. Go to Departments > select a department
  2. Open the Audit & Capture Policy card
  3. Toggle Show Detection Images in Events on
  4. Click Save

Snapshots are saved locally on the station in the detections/ folder. The daemon keeps the last 100 images (auto-cleanup).

Add Screen Capture to Detection Images

When enabled, a screenshot of the screen content is captured before the blur overlay fires and combined with the camera frame. The combined image shows both who was detected and what data was visible at the moment of the incident.

To enable:

  1. Go to Departments > select a department
  2. Open the Audit & Capture Policy card
  3. Toggle Add Screen Capture to Detection Images on
  4. Click Save

Privacy

This captures whatever is on the screen. Enable only where your data retention policy permits it and employees have been informed.

This is different from per-station Debug Mode

Department Capture Mode saves frames to the station's local disk for compliance retention. Per-station Debug Mode (toggle on the station page) streams frames live to the dashboard for active investigation.

USB Protection

Automatically ejects USB storage drives unless an authorized person is at the workstation.

To enable USB Protection:

  1. Go to Departments > select a department
  2. Open the Endpoint DLP card
  3. Toggle USB Protection on
  4. Click Save

Tip

Enable Audit Mode first to see usb_detected events in the feed before switching to enforcement (usb_blocked).

Cancels print jobs unless an authorized person is at the workstation.

To enable Print Protection:

  1. Go to Departments > select a department
  2. Open the Endpoint DLP card
  3. Toggle Print Protection on
  4. Click Save

Per-Station Settings

Individual station settings are configured from the station detail page.

Station Detail

To configure a station:

  1. Go to Stations > click a station
  2. Adjust settings in the configuration panel
  3. Click Save — changes sync within ~5 seconds

Note

No restart is required. The daemon reads updated config on its next detection cycle.

Debug Mode (Per-Station)

Debug Mode enables live log streaming and sends camera frames to the dashboard with each detection event.

Station Capture Logs

To enable Debug Mode:

  1. Go to Stations > select a station
  2. Toggle Capture on (top of station page)
  3. Open the Capture Logs tab to see live output

Use LOG_LEVEL = DEBUG for verbose output. Turn Debug Mode off when done.

Warning

Debug Mode stores camera frames on the dashboard server. Only enable it when actively investigating an incident.

Alerts & Notifications

Email alerts and SIEM forwarding are configured in Admin → Notifications.

Email Alerts

  1. Go to Admin → Notifications → Email (SMTP)
  2. Enter your SMTP server details and recipient addresses
  3. Click Save & Test to verify the connection
  4. Set thresholds in the Thresholds tab — alerts fire when a detection type exceeds the configured daily count

Alerts are de-duplicated: one email per event type per station per day.

SIEM / CEF Syslog

  1. Go to Admin → Notifications → SIEM
  2. Enter your SIEM host, port, and protocol (UDP or TCP)
  3. Enable and save — events are forwarded in CEF format immediately

Compatible with Splunk, QRadar, ArcSight, and any CEF-capable SIEM.

Alert Thresholds

Go to Admin → Notifications → Thresholds to set per-station and global daily thresholds per event type. Set to 0 to disable a threshold entirely.

AI Threat Analysis

The AI Analysis page automatically summarizes threat activity across all stations for a selected time period, highlights anomalies, and recommends actions.

AI Threat Analysis

Select a time range (Last Hour, Last 24h, Last 7 Days, Last 30 Days) and click Run Analysis. The Ask a Question tab lets you query the event data in natural language.

Admin Panel

The Admin Panel is accessible to admin-role users only. It provides system-level management tools.

Users

Create and manage dashboard user accounts and assign roles (Admin or User).

Admin Users

Database

View database statistics and run cleanup to remove old records.

Admin Database

System

View server platform details and restart the server if needed.

Admin System

Server Logs

Fetch live server-side logs for troubleshooting.

Admin Server Logs

About

View the installed version, license type, and license terms.

Admin About

Notifications

Configure email alerts (SMTP) and SIEM/CEF syslog forwarding. Set per-event-type thresholds for per-station and global alerts. See Alerts & Notifications above for full details.

AI Settings

Configure the LLM provider (Anthropic, OpenAI, or Ollama/Azure) used by the AI Analysis feature.

Admin AI Settings