Click any screenshot to enlarge
Audit Summary
High risk rules table with severity ratings, device groups, and per-rule descriptions at a glance
Detailed Findings
Per-rule breakdown showing source, destination, zones, applications, and flagged issues with remediation guidance
Duplicate Object Detection
Identifies duplicate address objects sharing the same value and flags unreferenced entries for cleanup
Shadowed Rules
Detects rules completely shadowed by earlier entries that will never be matched, with detailed remediation steps
Compliance Assessment
Regulatory compliance scoring against ISO 27001, NIST, PCI-DSS, HIPAA, GDPR, SOX, CIS, and APRA CPS 234 with per-control pass/fail detail
Optimisation Recommendations
Service group consolidation suggestions to reduce rule complexity and improve manageability
Attack Surface Analysis
Zone Exposure Matrix revealing all permitted inter-zone communication paths with risk-level scoring
Object Cross-Reference
Maps every address and service object to its type, value, and rule usage count across the configuration
Best Practices Score
Palo Alto best practices audit covering App-ID usage, logging configuration, and policy structure with pass/fail checks
DNS Resolution Check
Tests FQDN-based address objects against live DNS to surface stale or unresolvable entries
Management Access Security
Audits interface management profiles for insecure protocols and flags management access on data interfaces
Rule Expiry & Temporal Analysis
Identifies rules with expired schedules and rules that appear temporary but have no expiry date set
Cleartext Protocol Exposure
Detects cleartext protocols crossing zone boundaries with per-rule findings and remediation recommendations
Decryption Policy Gap Analysis
Identifies traffic flows that bypass SSL/TLS decryption, creating blind spots in security inspection
Geo-IP & Sanctions Exposure
Checks external-facing rules for geographic restrictions against sanctioned and high-risk regions
Lateral Movement Risk Analysis
Analyses internal zone-to-zone rules that allow broad access, identifying lateral movement opportunities
Segmentation Effectiveness
Scores network segmentation strength with a Zone Relationship Matrix and highlights weak segment boundaries
Stale Rule Detection
Flags rules referencing missing objects, stale connections, and patterns that suggest the rule is no longer active
Egress Filtering Analysis
Identifies outbound rules that pose data exfiltration or command-and-control risk
Security Findings Tracker
Track remediation progress across audits with baseline comparison, showing resolved, open, and new findings