// industry vertical

NGFW / firewall platform forensics

Palo Alto · FortiGate · Check Point · Firepower · Juniper SRX · Sophos XG · WatchGuard · pfSense · OPNsense · multi-NGFW traffic correlation across firewall log exports.

tools: 12 · priority: H · processing: local · in browser

start here · primary tools

ordered. work top-down. the first tool is the suggested entry point for this vertical.

  1. palo alto traffic log forensic analyzer · drop palo alto traffic log export · parse app-id + rule + session end reason · runs locally
  2. fortinet fortigate traffic log forensic analyzer · drop fortigate traffic log export · parse policy id + utm refs + action · runs locally
  3. checkpoint firewall log forensic analyzer · drop checkpoint log export · parse blade + rule + nat hints · runs locally
  4. multi ngfw traffic correlator · drop 2+ ngfw traffic exports · correlate src/dst + app overlap · runs locally
  5. case report generator · fill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally

also useful · secondary tools

cross-cutting tools that surface depending on the specific investigation.

  1. cisco firepower connection log forensic analyzer · drop firepower connection event export · parse intrusion policy + file action · runs locally
  2. juniper srx flow log forensic analyzer · drop srx flow session log export · parse zone + policy + service · runs locally
  3. sophos firewall traffic log forensic analyzer · drop sophos xg traffic log export · parse fw rule + app control + web filter · runs locally
  4. watchguard firebox traffic log forensic analyzer · drop watchguard traffic log export · parse policy + geolocation + ips hit · runs locally
  5. pfsense filterlog forensic analyzer · drop pfsense filterlog export · parse rule number + interface + action · runs locally
  6. opnsense firewall log forensic analyzer · drop opnsense firewall log export · parse alias + gateway + block/pass · runs locally
  7. evidence manifest generator · drop evidence files · compute md5 sha1 sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally

want deeper NGFW coverage?

this vertical is intentionally sparse — deep-moat coverage grows over time. tracked in the forensics rollout.
