What the Forest Map shows

The Forest Map connects your security tools to the capabilities they support, so you can see coverage, gaps, and overlap in one view.

Last updated June 30, 2026

The Forest Map — shown in the app as CANOPY — is the view that connects your security stack to the work that stack is supposed to do. Tools sit on one side, capabilities sit on the other, and the lines between them tell you where you are covered and where you are exposed.

Illustrative example data

CANOPY is interactive: open the Tools tab on the right edge to search every tool and jump straight to it (the map flies there and opens a detail panel that floats over the canvas, so the map never shrinks). Click a tool or an integration link for its details, and hover to highlight what connects to what.

Capabilities are the source of truth in Forest. A capability is a discrete security function or process, such as Patch Management or Identity Provisioning. The Map shows which of your tools support each capability, which capabilities have no tool behind them, and where several tools claim the same function.

That picture answers three questions security leaders ask constantly:

  • Which capabilities are covered, and by what

  • Where you have gaps, meaning a capability with no supporting tool

  • Where you have overlap, meaning more than one tool doing the same job

A gap on the Map is different from a low maturity score. The Map tells you whether a capability has tooling behind it. Your CAMP assessment tells you how well that capability is actually performed.

The Map does not score your program on its own. It gives the context behind the numbers. When you see a domain scoring poorly in CAMP, the Map often explains why: no tool, the wrong tool, or three tools fighting over the same ground.

To build this view, you add your tools and confirm how they map to capabilities. Start with Adding tools, then review Tool-to-capability mappings.