Firewall Analyzer Overview

Want to know more about how the Firewall Analyzer App works?

Firewall Analyzer results are categorized differently than other apps. Make sure you have read the "How Should I Analyze These Results" section at the bottom of this page at least once

What is the Firewall Analyzer?

The Firewall Analyzer works similarly to an Intrusion Detection System, but without buying and installing an expensive device (if you have an IDS/IPS, our app can help make sense of those logs too!). We analyze your logs and surface only what is important.  


RocketCyber is developing the capability to automatically save a copy of your syslog data for compliance or archival purposes.

How does it work?

You configure the app to send firewall logs to one of your RocketCyber-connected computers. That computer runs our firewall analysis software to find malicious traffic, data leaks, and a wide variety of reconnaissance and attack vectors. Any events trigger an immediate alert that will appear on your RocketCyber dashboard.

How Should I Analyze These Results?

Note that events such as changes in VPN activity could mean nothing if your clients commonly use VPN, or could be indication of active compromise if you do not have VPN capabilities set up at all.

Make sure you check what the message says. Depending on the firewall type, settings, and situation; the message may say that the event is ongoing, or it may say that the firewall has already taken corrective action automatically.