Dope Security
Dope Security is an endpoint protection platform that provides network security, file activity monitoring, and threat detection. Dope Security logs capture endpoint events including network traffic, file operations, process executions, and security policy violations. These logs help monitor endpoint security, detect threats, and investigate security incidents.
Ingest Methods
RunReveal offers the following ways to ingest Dope Security logs:
If using an AWS S3 bucket use the following SNS topic ARN to send your bucket notifications.
arn:aws:sns:<REGION>:253602268883:runreveal_dope_securityReplace <REGION> with the AWS region where your S3 bucket is located (e.g., us-east-1, us-west-2, eu-west-1).
Webhook
Dope Security can send logs directly to RunReveal via webhook using the Dope Security Webhook source type.
Step 1: Create Webhook Source in RunReveal
- Go to Sources in RunReveal
- Click the Dope Security Webhook source tile
- Give it a descriptive name (e.g., “Dope Security Webhook”)
- Optionally enable bearer token authentication for added security
- Click Connect Source to generate a unique webhook URL
- Copy the generated webhook URL and bearer token (if enabled)
Step 2: Configure Dope Security
- Log into your Dope Security console
- Navigate to integrations or webhook settings
- Add a new webhook destination
- Configure the webhook:
- URL: Paste the RunReveal webhook URL you copied
- Method: POST
- Content-Type: application/json
- Authorization: If you enabled bearer token, add
Authorization: Bearer YOUR_TOKENheader
- Save the webhook configuration
Schema
The following columns are exposed for this source. RunReveal applies schema normalization across all sources, ensuring uniform field names and data types for cross-source queries and reusable detection logic.
Table: dope_security_logs (57 columns)
dope_security_logs (57 columns)| Column | Type |
|---|---|
id | String |
workspaceID | String |
sourceID | String |
sourceType | String |
sourceTTL | UInt32 |
receivedAt | DateTime64(3) |
eventTime | DateTime64(3) |
eventName | String |
eventID | String |
srcIP | String |
srcASCountryCode | String |
srcASNumber | UInt32 |
srcASOrganization | String |
srcCity | String |
srcConnectionType | String |
srcISP | String |
srcLatitude | Float64 |
srcLongitude | Float64 |
srcUserType | String |
dstIP | String |
dstASCountryCode | String |
dstASNumber | UInt32 |
dstASOrganization | String |
dstCity | String |
dstConnectionType | String |
dstISP | String |
dstLatitude | Float64 |
dstLongitude | Float64 |
dstUserType | String |
| Column | Type |
|---|---|
actorID | String |
username | String |
userEmail | String |
hostname | String |
rawLog | String |
timestamp | String |
duration | Int32 |
matchedDestination | String |
destinationIP | String |
tenantID | String |
agentID | String |
user | String |
oidcUser | String |
categories | Array(Int32) |
verdict | Int32 |
verdictString | String |
dataSent | Int64 |
dataReceived | Int64 |
policyType | String |
blockDetail | String |
filename | String |
fileHash | String |
processName | String |
url | String |
policyName | String |
protocol | String |
httpMethod | String |
processCallTree | String |