Main Screen
Clean import-first workspace with the full audit navigation in the sidebar. Drop in an XML config, device state bundle, or tech support file to start the analysis.
High Risk Rules
Dedicated review of rules flagged with elevated risk, including severity score, device group, finding count, and per-rule descriptions.
Detailed Findings
Per-rule breakdown showing source, destination, zones, applications, and flagged issues with remediation guidance
Duplicate Object Detection
Identifies duplicate address objects sharing the same value and flags unreferenced entries for cleanup
Shadowed Rules
Detects rules completely or partially shadowed by earlier entries that will never be matched, with detailed remediation steps
Compliance Assessment
Regulatory compliance scoring against ISO 27001, NIST, PCI-DSS, HIPAA, GDPR, SOX, CIS, and APRA CPS 234 with per-control pass/fail detail
Optimisation Recommendations
Service group consolidation suggestions to reduce rule complexity and improve manageability
Attack Surface Analysis
Zone Exposure Matrix revealing all permitted inter-zone communication paths with risk-level scoring
Object Cross-Reference
Maps every address and service object to its type, value, and rule usage count across the configuration
Object Reference Integrity
Checks that every address, service, and security profile referenced by a rule actually exists, catching broken references introduced by Panorama imports or partial cleanups.
Unused Objects
Lists address objects, service objects, and groups defined in the configuration but never referenced by any rule: safe candidates for cleanup.
Best Practices Score
Palo Alto best practices audit covering App-ID usage, logging configuration, and policy structure with pass/fail checks
DNS Resolution Check
Tests FQDN-based address objects against live DNS to surface stale or unresolvable entries
Management Access Security
Audits interface management profiles for insecure protocols and flags management access on data interfaces
Rule Expiry & Temporal Analysis
Identifies rules with expired schedules and rules that appear temporary but have no expiry date set
Cleartext Protocol Exposure
Detects cleartext protocols crossing zone boundaries with per-rule findings and remediation recommendations
Decryption Policy Gap Analysis
Identifies traffic flows that bypass SSL/TLS decryption, creating blind spots in security inspection
Decryption Profile Review
Audits SSL/TLS decryption profiles for weak certificate validation, permissive failure modes, and unsupported-mode bypasses that silently disable inspection.
Geo-IP & Sanctions Exposure
Checks external-facing rules for geographic restrictions against sanctioned and high-risk regions
Lateral Movement Risk Analysis
Analyses internal zone-to-zone rules that allow broad access, identifying lateral movement opportunities
Segmentation Effectiveness
Scores network segmentation strength with a Zone Relationship Matrix and highlights weak segment boundaries
Stale Rule Detection
Flags rules referencing missing objects, stale connections, and patterns that suggest the rule is no longer active
Egress Filtering Analysis
Identifies outbound rules that pose data exfiltration or command-and-control risk
Authentication Policy Review
Reviews Authentication policy rules used for Multi-Factor Authentication enforcement: coverage of sensitive applications, user targeting, and profile assignment.
Application Override Review
Flags application-override rules that force traffic to be classified as a specific App-ID, bypassing App-ID inspection, a common cause of hidden risk.
DoS Protection Review
Audits DoS protection rules and profiles, reporting active rules, protect/allow/deny disposition, and rules missing a DoS profile attachment.
HIP Integration Review
Inventories Host Information Profile (HIP) objects and profiles, and verifies that authentication and security rules actually reference them where posture checks are expected.
QoS Rule Review
Reviews Quality of Service policies (active rules, matching criteria, and the set of unique QoS classes in use) to validate bandwidth controls.
Security Profile Content
Inspects URL Filtering, Anti-Spyware, Vulnerability, and other security profile content, flagging malicious categories not blocked and empty/unconfigured profiles.
Security Findings Tracker
Track remediation progress across audits with baseline comparison, showing resolved, open, and new findings