# Command Center The Command Center is the top-level view in Observatory. It gives security teams a real-time snapshot of their organization's security posture across all Highflame products. Navigate to **Highflame Studio** → **Observatory** → **Command Center**. *** ## Security posture score The posture score summarizes your organization's security coverage across four pillars: | Pillar | What it measures | | --------------- | ----------------------------------------------------------------------------------------------------------------------------------- | | **Detection** | Coverage of active threat detectors — what fraction of your agent and browser traffic is evaluated by at least one detection signal | | **Enforcement** | Active blocking coverage — how many guardrail categories and browser policy categories are in Block mode (vs. Monitor-only) | | **Coverage** | Observability coverage — sessions, traces, and tool calls being captured across deployed agents and browser endpoints | | **Velocity** | Response time posture — how quickly detections are triaged, policies updated, and enforcement gaps closed after a signal fires | Each pillar contributes to an overall score (0–100). The score is recalculated continuously as events arrive. *** ## Cross-product correlations The correlations panel surfaces events from different products that share a user, device, or session context within a configurable time window. Examples: * A browser jailbreak attempt followed by an agent session from the same user within 5 minutes * A Shield guardrail block on a tool call that originated from a browser violation session * A Red Teaming scan finding that matches a pattern seen in live production traffic Correlations are surfaced as cards with links to the underlying events. Click through to the Threats or Sessions views for full investigation detail. *** ## UEBA entity risk ranking The entity risk panel ranks users, agents, and devices by behavioral risk score. The risk score is computed from anomaly signals across all event sources: * Frequency of guardrail blocks relative to baseline * Unusual tool call patterns or access to out-of-scope resources * Browser violations correlated with agent activity * Session anomalies (unusual timing, geographic shifts, new device) High-risk entities are surfaced at the top of the list. Click any entity to see its full event history in the Threats view, filtered to that entity. *** ## Detector drift heatmap The drift heatmap shows whether your detection coverage is changing over time. Each cell represents a threat category and time bucket. Cells that turn red indicate that a detector is firing significantly more or less than its baseline — a signal that something in your environment (a new integration, a policy change, a new user behavior) has shifted. Use this view to catch detection regressions before they become gaps. *** ## Blast radius map The blast radius map visualizes the potential impact of a compromise. It shows: * Which agents have access to which tools and resources * Which users and devices have active sessions * Which MCP servers are reachable from which agents If a threat event is selected in the Threats view, the blast radius map updates to highlight the resources reachable from the compromised principal. This helps incident responders scope containment actions quickly. *** ## Cost intelligence The cost panel summarizes AI API spend across your agent fleet, broken down by model, agent, user, and time period. It pulls from the same telemetry as Traces and Sessions, so cost is always attributed to the agent workflow that incurred it. Use this to identify runaway agents, unexpected spend spikes, and opportunities for prompt optimization. *** ## Coverage mesh The coverage mesh is a graph view of your Highflame deployment. Nodes represent products and integrations (Gateway, Shield SDK, Browser Security, Code Agents), and edges represent data flows and coverage relationships. Nodes are colored by health status: * **Green** — product is deployed, active, and reporting * **Yellow** — product is deployed but has gaps (e.g., some agents not instrumented) * **Red** — product is not deployed or has stopped reporting Use the coverage mesh to identify which parts of your agent infrastructure are not yet covered by Highflame. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.highflame.ai/observatory/command-center.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.