This message was deleted.

Got it, Thanks for the prompt response. In fact, clusters we run are currently heavily equipped with K8s netpols, So I hope planning on a smoother migration from K8s netpols to NeuVector network rules would be a viable option with what you suggested.

If you always keep the mindset of following the lifecycle of any application workloads that you are running, everything becomes pretty easy. What you want to do is have neuvector establish a fingerprint of the appropriate behavior of your applications, and then either alert or deny anything that is not explicitly defined as permissible in the aforementioned fingerprint. 🙂