When discovery is enabled, information is received from the Information Technology Operations Management (ITOM) team. If the ITOM Discovery is enabled, you can see Kubernetes Namespaces, Kubernetes Clusters, and Kubernetes Services when you open a container vulnerable item (CVIT). Else, you can see Prisma payload information.

The image labels from the Prisma payloads are stored as key value pairs under the docker image. The labels in a Prisma payload are stored in the cmdb_key_value table. To enable this feature, an identification rule is shipped for cmdb_ci_docker_image by the ITOM team. Open the Docker image to view the related items list. Most of the items are populated by the ITOM team. The identification entry for a docker image is shipped to show the values as key value pairs.

The business criticality is determined based on the service criticality information received from the ITOM team. A scheduled job is run to pull data from all the services associated with an image. It calculates the business criticality based on service mapping. As the risk score can depend on business criticality, the risk score is also calculated based on it.