Explore Kubernetes workloads
The Workloads page provides a comprehensive inventory of Kubernetes workloads and their runtime posture. From this page, you can:
- Identify workloads with elevated security risk
- Monitor profiling status and runtime visibility
- Review runtime behavior and security posture
- Drill down into workload-specific details
Use the Command Platform to access Container Runtime Security
Access Container Runtime Security from the Command Platform to authenticate and take action on findings. If you open Cloud Security outside the Command Platform, you can view detections, but some features are unavailable.
To view Kubernetes workloads:
- Log in to the Command Platform.
- Go to Controls & Compliance > Runtime.
- Click Manage Rules and Policies. The Container Runtime Security feature opens to the Threat Detection page.
- Click Workloads.
Before you begin
To access the Workloads page, you must enable Container Runtime Security.
Container Runtime Security is a special add-on to the Command Platform and requires a separate license. To configure this feature using the options described in this article, you must first ask Rapid7 Support or Customer Success to enable your license.
Explore workloads
Workloads are evaluated using runtime and configuration signals.
| Risk Factor | Description |
|---|---|
| Internet facing | Publicly reachable from the internet |
| External facing | Accessible outside the cluster |
| Privileged | Running in privileged mode or with elevated permissions |
| Secret Access | Has access to Kubernetes secrets |
| Host Access | Can access the host system (for example, hostPath volumes) |
| Data Access | Accesses sensitive or persistent storage |
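To cross-check what the table reports against your own manifests, the following added example (not Rapid7 code, and not how the product computes these factors) derives the configuration-visible risk factors from a parsed Deployment and its Services. The mapping of manifest fields to factors, the function name `risk_factors`, and the sample manifests are assumptions constructed for illustration. Internet facing is omitted because it cannot be decided from manifests alone.

```python
# Constructed sample manifests, already parsed into dicts (for example from `kubectl get -o json`).
DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "payments", "namespace": "prod"},
    "spec": {"template": {
        "metadata": {"labels": {"app": "payments"}},
        "spec": {
            "hostNetwork": False,
            "containers": [{
                "name": "api",
                "securityContext": {"privileged": True},
                "env": [{"name": "DB_PASS", "valueFrom": {
                    "secretKeyRef": {"name": "db", "key": "password"}}}],
            }],
            "volumes": [
                {"name": "logs", "hostPath": {"path": "/var/log"}},
                {"name": "data", "persistentVolumeClaim": {"claimName": "pay-pvc"}},
            ],
        },
    }},
}
SERVICES = [{"kind": "Service", "metadata": {"name": "payments-lb"},
             "spec": {"type": "LoadBalancer", "selector": {"app": "payments"}}}]


def risk_factors(workload, services=()):
    """Return the table's risk factors that are visible in the manifests (assumed mapping)."""
    tmpl = workload["spec"]["template"]
    pod, labels = tmpl["spec"], tmpl.get("metadata", {}).get("labels", {})
    volumes = pod.get("volumes", [])
    found = set()
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        sc = c.get("securityContext") or {}
        # Privileged mode, or any added Linux capability, counts as elevated permissions here.
        if sc.get("privileged") or (sc.get("capabilities") or {}).get("add"):
            found.add("Privileged")
        env_ref = any("secretKeyRef" in (e.get("valueFrom") or {}) for e in c.get("env", []))
        if env_ref or any("secretRef" in e for e in c.get("envFrom", [])):
            found.add("Secret Access")
    if any("secret" in v for v in volumes):
        found.add("Secret Access")
    host_ns = any(pod.get(k) for k in ("hostNetwork", "hostPID", "hostIPC"))
    if host_ns or any("hostPath" in v for v in volumes):
        found.add("Host Access")
    if any("persistentVolumeClaim" in v for v in volumes):
        found.add("Data Access")
    for svc in services:
        sel = svc["spec"].get("selector") or {}
        # NodePort/LoadBalancer Services whose selector matches the pod labels expose it off-cluster.
        if svc["spec"].get("type") in ("NodePort", "LoadBalancer") and sel \
                and all(labels.get(k) == v for k, v in sel.items()):
            found.add("External facing")
    return found
```

A factor the Workloads page reports that this check does not find usually comes from a runtime signal or from a resource outside the manifests you passed in.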
The profiling engine observes runtime behavior to establish a baseline.
| Status | Meaning |
|---|---|
| Completed | Sufficient runtime data collected |
| Learning | Profiling in progress |
| Missing | Insufficient visibility or coverage |
| Failed | Profiling error or misconfiguration |
Investigate workload details
Selecting a workload opens a detailed page with three tabs:
Graph
The Graph tab visualizes workload runtime context, including:
- Observed network connections (last 24 hours)
- Mounted volumes and resources
Optional display layers include:
- Network Policy status
- Port and protocol
- Vulnerabilities
- Incidents
- Workload names
This view helps identify connectivity patterns and exposure.
App Profile
The App Profile tab shows baseline runtime behavior, including:
- Processes running inside containers
- Files accessed or modified
- API calls
- Network traffic
- Linux capabilities used
- System calls (syscalls)
This runtime baseline helps detect anomalies such as:
- Reverse shells
- Cryptomining activity
- Privilege escalation
- Unexpected binaries
Details
The Details tab provides workload security posture information, including:
- Cluster, namespace, and pod details
- Deployment information
- Risks
- Available protection