Explore Kubernetes workloads
The Workloads page provides a comprehensive inventory of Kubernetes workloads and their runtime posture. From this page, you can:
- Identify workloads with elevated security risk
- Monitor profiling status and runtime visibility
- Review runtime behavior and security posture
- Drill down into workload-specific details
Use the Command Platform to access Container Runtime Security
Access Container Runtime Security from the Command Platform to authenticate and take action on findings. If you open Cloud Security outside the Command Platform, you can view detections, but some features are unavailable.
To view Kubernetes workloads:
- Log in to the Command Platform.
- Go to Controls & Compliance > Runtime.
- Click Manage Rules and Policies. The Container Runtime Security feature opens to the Threat Detection page.
- Click Workloads.
Before you begin
Accessing the Workloads page requires Container Runtime Security. Review Enable and use Container Runtime Security for details.
Explore workloads
Workloads are evaluated using runtime and configuration signals. The following risk factors can apply to a workload:
| Risk Factor | Description |
|---|---|
| Internet facing | Publicly reachable from the internet |
| External facing | Accessible outside the cluster |
| Privileged | Running in privileged mode or with elevated permissions |
| Secret Access | Has access to Kubernetes secrets |
| Host Access | Can access the host system (for example, hostPath volumes) |
| Data Access | Accesses sensitive or persistent storage |
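As an added illustration (not the product's own evaluation logic), this Python sketch derives three of the configuration-based risk factors above, Privileged, Secret Access and Host Access, from a pod spec. The function name, the capability list, the pod-spec fields checked and the sample specs are assumptions constructed for this example.

```python
import json

# Assumption: capabilities treated as "elevated permissions" for this sketch.
ELEVATED_CAPS = {"ALL", "SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE"}

def risk_factors(spec):
    """Map a pod spec (dict) to risk-factor names from the table above."""
    found = set()
    # Host namespaces and hostPath volumes expose the node to the workload.
    if any(spec.get(k) for k in ("hostNetwork", "hostPID", "hostIPC")):
        found.add("Host Access")
    for vol in spec.get("volumes") or []:
        if "hostPath" in vol:
            found.add("Host Access")
        projected = (vol.get("projected") or {}).get("sources") or []
        if "secret" in vol or any("secret" in s for s in projected):
            found.add("Secret Access")
    containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
    for c in containers:
        sc = c.get("securityContext") or {}
        added = set((sc.get("capabilities") or {}).get("add") or [])
        if sc.get("privileged") or added & ELEVATED_CAPS:
            found.add("Privileged")
        # Secrets injected as environment variables.
        if any("secretRef" in e for e in c.get("envFrom") or []):
            found.add("Secret Access")
        if any("secretKeyRef" in (e.get("valueFrom") or {}) for e in c.get("env") or []):
            found.add("Secret Access")
    return found

# Constructed sample specs (not from a real cluster).
RISKY = json.loads("""{
  "containers": [
    {"name": "app", "securityContext": {"privileged": true},
     "env": [{"name": "DB_PASS",
              "valueFrom": {"secretKeyRef": {"name": "db", "key": "pass"}}}]}
  ],
  "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}},
              {"name": "tmp", "emptyDir": {}}]
}""")
CAPS_ONLY = {"containers": [{"name": "net",
             "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}}]}
BENIGN = {"containers": [{"name": "web", "image": "example/web:1"}],
          "volumes": [{"name": "cfg", "configMap": {"name": "web-cfg"}}]}

if __name__ == "__main__":
    for name, spec in (("risky", RISKY), ("caps-only", CAPS_ONLY), ("benign", BENIGN)):
        print(name, sorted(risk_factors(spec)))
```

A pod spec does not show RBAC grants, so a workload whose service account can read secrets through the Kubernetes API would not be caught by this manifest-only check.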
The profiling engine observes runtime behavior to establish a baseline. Each workload shows one of the following profiling statuses:
| Status | Meaning |
|---|---|
| Completed | Sufficient runtime data collected |
| Learning | Profiling in progress |
| Missing | Insufficient visibility or coverage |
| Failed | Profiling error or misconfiguration |
Investigate workload details
Selecting a workload opens a detailed page with three tabs:
Graph
The Graph tab visualizes workload runtime context, including:
- Observed network connections (last 24 hours)
- Mounted volumes and resources
Optional display layers include:
- Network Policy status
- Port and protocol
- Vulnerabilities
- Incidents
- Workload names
This view helps identify connectivity patterns and exposure.
App Profile
The App Profile tab shows baseline runtime behavior, including:
- Processes running inside containers
- Files accessed or modified
- API calls
- Network traffic
- Linux capabilities used
- System calls (syscalls)
This runtime baseline helps detect anomalies such as:
- Reverse shells
- Cryptomining activity
- Privilege escalation
- Unexpected binaries
Details
The Details tab provides workload security posture information, including:
- Cluster, namespace, and pod details
- Deployment information
- Risks
- Available protection