Data Flow Mapping

Data Flow Mapping gives you an interactive, visual graph of how data moves between services inside your environment. Each node is a microservice or data store; each edge represents observed data flow with metadata about volume, sensitivity, and frequency.

Graph Components

Nodes

Node Type	Represents
Service	Application workload (pod, container, VM process)
Data Store	Database, cache, message queue, or object store
External	Third-party domain or API (shown at the graph edge)

Edges

Each edge carries:

• Direction -- which service initiated the connection
• Volume -- bytes transferred in the observation window
• Sensitivity tags -- classifiers detected in the payload (e.g. PII, PCI, PHI)
• Frequency -- number of distinct connections observed

Filters

Use the toolbar to narrow the graph:

• Time range -- view flows from the last hour, day, week, or custom window
• Sensitivity -- show only edges carrying specific data types
• Service -- highlight a single service and its immediate neighbours
• Namespace / Environment -- scope to a Kubernetes namespace or deployment environment

Use Cases

Compliance Mapping

Overlay the data flow graph with your compliance scope to verify that sensitive data only travels through approved paths. Export the graph as evidence for auditors.

Blast Radius Analysis

Select a compromised or at-risk service and instantly see every data store and downstream service it can reach. This accelerates incident triage and containment planning.

Architecture Review

Use the graph during design reviews to validate that new services follow data-handling policies before they ship to production.

Shadow Data Detection

Identify unexpected flows -- services writing sensitive data to caches or queues that were not designed to hold PII.

Related Pages

• Egress Monitoring -- outbound flows to third-party destinations
• Runtime Monitoring -- real-time query-level monitoring on data stores
• Identities -- map flows back to the users and roles behind each service