The Cisco Panoptica Navigator view shows the environments, and the workloads running on them, on your clusters or VMs (on which the controller is deployed). It also shows the connections between environments and between workloads.

The Navigator view has two modes: Security View, and Operations View.

Security View

The Security View shows the workloads in your environments, and the connections between them.

You can apply filters to the view, to customize the view to your needs.


The initial view shows the environments and the connections between them. Items in blue indicate workloads and connections that are permitted according to the runtime environment and connections policies.

Items in orange indicate violations of runtime policies (in the case of an environment, by at least one workload in the environment, and in the case of connections, by at least one connection).

Connections in red indicate the connection is blocked by a runtime policy rule.

Double-click on an environment to expand it to show the workloads running in it, and their connections. The information panel on the right shows more details for the environment, including the infrastructure on which it is running (see Environments.


Click on a workload or connection to show more detail for it in the information panel.



Click on the legend symbol (on the right) to open a legend of symbols used in the Navigator view.


This is the Navigator symbol legend:


Entities appear according to ther Entity Type (for example, a pod, an environment, and external source, or an API). These are color coded according to deployment status (allowed, detected, or blocked). They may also be overlaid with Indications indicating the type of entity (a Panoptica known entity, or Not Identified).

Similarly, connections between entities are marked as regular or encrypted, and according to connection status (detected, blocked).


Use the filter pane on the left to show specific workloads.

You can select the following filter options:

  • Time range - the period in which the workloads and connections were monitored.
  • Quick Filters - global options, applied to the view.
  • Environments - select specific environments by name
  • API Risk - the risk level associated with an API provider (for API entities)
  • Workloads - select specific workloads by name, regardless of the environment in which they are running
  • Labels - select environments and workloads according to labels applied to them
  • Namespaces - select specific namespaces

Click DONE to save the selections. The displayed map will be updated according to the selections.


Create rules from the Navigator

You can create new connection rules directly from the map view. Click on a connection in the map view (either permitted or blocked). The information panel on the right will have an option to create a new rule, based on the details for the selected connection (source, destination, etc).


Operation View

The Operations View shows network activity in your environments.

Set the mode switch to Operations view, to show network activity.


The view shows connections between workloads. In the view below, the workloads are grouped by environment (to declutter). Lines show connections, and the direction of communication.


As in the workload map view, the items in the graph are color-coded.

Lines in blue indicate connections that are permitted according to the runtime connections policies.

Lines in orange indicate violations of runtime connections policies (in a grouped view, by at least one connection).

Connections in red indicate the connection is blocked by a runtime policy rule (by at least one connection, if the view is grouped).

Click on a connection line to show detail for the network activity. This shows statistics for the network activity (load, success rate, etc.) over time.