Want to know more about how the Firewall Analyzer App works?
Firewall Analyzer results are categorized differently than those of other apps. Make sure you have read the "How Should I Analyze These Results?" section at the bottom of this page at least once.
What is the Firewall Analyzer?
The Firewall Analyzer works similarly to an Intrusion Detection System, but without buying and installing an expensive device (if you have an IDS/IPS, our app can help make sense of those logs too!). We analyze your logs and surface only what is important.
RocketCyber is developing the capability to automatically save a copy of your syslog data for compliance or archival purposes.
How does it work?
You configure the app to send firewall logs to one of your RocketCyber-connected computers. That computer runs our firewall analysis software to find malicious traffic, data leaks, and a wide variety of reconnaissance and attack vectors. Any event triggers an immediate alert that appears on your RocketCyber dashboard.
How Should I Analyze These Results?
Unlike in other apps, "informational" results in the Firewall Analyzer cannot always be safely ignored. In general, the Firewall Analyzer uses the following schema:
Network hijacking attempt in progress
Probably bad, some variation depending on your particular situation
Possible data leak
Probable scanning activity
Probably bad. The difference between Informational and Suspicious in the Firewall App is the degree to which this could be normal behavior for certain types of businesses.
That is, an informational message in the Firewall Analyzer could be something very bad, or nothing. Some familiarity with your specific business situation is needed to determine which.
Login activity from an unexpected source
Changes in VPN activity
Note that events such as changes in VPN activity could mean nothing if your clients commonly use VPN, or could be an indication of active compromise if you do not have VPN capabilities set up at all.
Make sure you check what the message says. Depending on the firewall type, settings, and situation, the message may say that the event is ongoing, or it may say that the firewall has already taken corrective action automatically.