Discovery & Metrics
This guide explains how the platform provides enterprise administrators with visibility into AI coding assistants and MCP (Model Context Protocol) tool usage across their organization.
Discovery: Understand which MCP servers and tools are in use and by whom, so governance is grounded in actual usage rather than assumptions.
Metrics, insights, and usage: Learn how the console in Highflame Studio presents this data in a structured, actionable way for monitoring, auditing, and informed policy decisions.
Code Agent Control Plane is designed for organizations that need to discover first, then govern. Administrators gain visibility into real-world usage and can confidently define policies based on what has been observed.
Discovery Page: MCP Servers Across Your Organization
The Discovery page gives enterprise administrators a centralized view of AI coding assistant usage and the security posture of MCP (Model Context Protocol) servers across the organization.
Summary metrics
Discovered MCP Servers The total number of MCP servers detected across your organization. This includes every server that developers’ IDEs or agents have connected to and that Overwatch has scanned.
Security Issues The total number of detected security issues across all discovered MCP servers, such as vulnerabilities, misconfigurations, or policy concerns. This metric is highlighted to help administrators quickly prioritize remediation efforts.
MCP Usage The number of distinct users who have interacted with MCP servers. This provides visibility into the breadth of adoption and the overall scope of MCP usage within the organization.
Together, these metrics answer three foundational questions:
How many MCP servers are in use? How many security issues exist? And how are users are interacting with them?
MCP servers overview
The MCP Servers Overview table lists “All MCP servers discovered across your organization” with one row per server. Typical columns:
Server
Server name and details
Users
Number of distinct users who have used this server. Lets you see which servers are shared across the org vs. used by a few people.
Tools
Number of tools (e.g. capabilities or endpoints) exposed by the server. Helps understand scope and complexity.
Scan Status
Indicates that the server was successfully scanned for security checks
Code Agent
Which AI coding assistant(s) are connecting to this server (e.g. Cursor, Claude, Gemini). A server may appear with multiple agents if different IDEs use it.
Last Scanned
When the server was last scanned (e.g. “11 days ago”). Helps prioritize re-scanning or investigation.
From this table, admins can:
See which MCP servers exist in the organization.
See who uses them (user counts, code agents).
See scan and security status (scan status, and when combined with Security Issues, which servers contribute to the total issue count).
Use this as the basis for policy: once you know what is discovered, you can configure policies (e.g., allowlist, blocklist, or conditions) for those servers and tools. Policy and Playground are covered separately.
Metrics, Insights, and Usage
Discovery produces raw data (servers, users, tools, events, threats). The Overwatch console turns that into metrics, insights, and usage views so admins can monitor, audit, and make decisions without digging through logs.
How It Fits Together
What MCP servers exist and who uses them?
Discovery → MCP Servers Overview table
Which MCP tools are used most?
Insights → Most common Agent action and MCP tools Discovery → server-level detail
How is our security posture?
Insights → risk %, threats logged, blocked actions Threats & Violations → Total/Allowed/Denied/Threats
Which code agents are adopted and how active?
Agent Usage → adoption chart, activity over time, summary cards
Who did what, and was it allowed or denied?
Threats & Violations (event list + filters) Sessions (session list + filters)
Configure policy for what we discovered?
Use Discovery and Insights to decide what to govern; then use Policy to define and test rules.
Discovery gives you the inventory and usage (who is using what). Metrics, insights, and usage views in the console give you the structure to monitor, audit, and act, so you can govern based on what is actually in use across your organization.
Last updated