Network Security
Firewall events, IDS alerts, blocked IPs & VPN sessions
SYS.SEC_V3.8 // ACTIVE
🛡️ White-Label
Last scan: Real-time
SS
Network Command Center — AWS Virtual Private Gateway (NetShield Enterprise)
🔗 Connected Interface: AWS IAM Identity Center Active Link Interface Active
View All Findings →
97%
Gateway ACL Rate
Open Vulnerable Ports
4
🚨 exposed to network sweeps
IDS Intrusion Threats
5
Inbound connection attempts
SLA Warn Status
WARNING SPIKE
Active Tunnels: 412 VPN Sessions
Module 03

Network Runway Telemetry

DEMO DATANOMINAL
EDGE FIREWALL GATEWAYINTERNET142.6M pktsFIREWALLIDS/IPS ActiveINTERNALClean trafficIDS TRIGGEREDBLOCKED SOURCE IPs103.21.4.x45.155.x.x91.234.x.x185.x.x.xVPN: 48 tunnels active4,210 IPs geo-blocked
Packets Logged Funnel
○ BASELINE
1.4KPackets LoggedTotal firewall ingress packets logged
184Port ProbesProbes on restricted ports detected
9Geo-Blocked IPsConnection attempts from restricted geo-zones
1.3KClean PayloadsValid non-malicious payloads forwarded
Enterprise GRC Checkpoint
Boundary ProtectionENTERPRISE
Verify perimeter firewall access controls and geo-IP blocks.
Port ComplianceENTERPRISE
Scan external interfaces to audit and close vulnerable ports.
🛡️ Next-Generation Firewall (NGFW) Ingress Access Control

List open network gateway ports scanned on public servers. Close open ports to enforce boundary least privilege.

Vulnerable PortExposure RiskFirewall ACL Action
Port 22SSH (AWS ECS Host Daemon)Open administrative port. Secure via AWS Systems Manager SSM Session Manager.Critical
Port 1433MSSQL (AWS RDS SQL Server)Active RDS database ingress facing public AWS Subnet. Secure via RDS Security Group.High
🚨 IDS/IPS Intrusion alerts & Detection Ledger

Real-time signatures matching malicious connection sweeps. Activate IPS prevention filters to block source IPs dynamically.

AWS GuardDuty: Lazarus Malware C2 Outbound CallSource Socket: 198.51.100.12 (Unknown Proxy)
critical

Active signature vector matching: protocol HTTPS/Beacon sweep attempts.

📡 Wireshark Live Packet Analyzer & PCAP SnifferMonitor raw networking packets (TCP/UDP/ICMP) inside active interfaces.
[READY] Console interface active. Click "Capture Packet Stream" to trace real-time TCP/UDP socket payloads...
🔌 SIEM logs Correlation Engine

Centralized SIEM platform correlator. Synthesize raw gateway alerts, port checks, and auth drifts into correlation logs.

FIN7 Portscan correlated with subsequent failed SSH root logins
Weight: Critical CVSS 9.2 · Checked: 17 Scans
Okta SSO travel spikes correlated with multiple outbound firewall packets
Weight: High CVSS 8.4 · Checked: 3 Session Drifts
Continuous ICMP echo sweeps correlated with stale API key token calls
Weight: Medium CVSS 5.8 · Checked: 8 Event Logs
SIEM Correlation Audit Coverage
Active SIEM Rules Audited:0 of 3 correlated
Gateway SIEM & Firewall Orchestration Terminal
📊 Weekly Firewall Packet Filter Trend
🔒 Virtual Private Network (VPN) Gateway Monitor

Active corporate VPN encrypted tunnels. Terminate active sessions to simulate containment of compromised external nodes.

User & EndpointLocationStatusAction
fleet-ops@unitedrentals.comIP: 198.51.100.12Chicago, USActive IPsec
rental-portal@unitedrentals.comIP: 203.0.113.5Dallas, USActive SSL Tunnel
🚫 Inbound Blocked Sources & Threat Intelligence

List of malicious IP blocks locked at firewall boundary. Trace active route path hops to verify origin node networks.

Origin Attacker IPLocationDropped VolTrace Audits
198.51.100.12Type: Brute Force HostUnknown Proxy12,400 packets
203.0.113.89Type: Port Sweep HostEastern Europe Host9,800 packets