360 Analytics

360 Analytics Limited is an open source firewall analysis and audit software vendor.

Open Source Tools Released:

360-FAAR (360 degree Firewall Analysis Audit and Repair)

A freely available open source firewall policy manipulation tool capable of automating many large operations tasks such as policy cleanup, rule translation, log analysis and object analysis.

360-FAAR is an offline, command-line Perl firewall policy manipulation tool. It can filter policies, compare them to logs, merge policies, translate connectivity rules (ACLs and policy entries) and output firewall commands for new policies in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and it's one file!

360-FAAR requires no extra hardware on your network; it can be run from any server with a standard installation of Perl. 360-FAAR reads the firewall configs and log files OFFLINE and requires no connectivity to the firewall infrastructure it is analyzing. There is no installation or uninstallation procedure: it is a single-file Perl script. 360-FAAR writes the suggested new firewall policies as text to the command line so that they can be copied and pasted to the firewalls that require new policies.

New firewall policy rulebases are generated automatically by comparing all connectivity found in the log files to the current firewall configurations loaded. The new firewall policies are output in each firewall's native command language (Checkpoint dbedit, Cisco ASA, and Netscreen ScreenOS6 supported). When outputting dbedit commands, 360-FAAR also writes an odumper/ofiller format CSV that can be used as a template for translation to many firewalls that can be read in buildobj mode.

360-FAAR uses a 100% data driven model and all internal processing is done using binary CIDR IP address matching. There is no subjectivity within the analysis or the solution!
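The idea of comparing logged connectivity to a loaded policy with binary CIDR matching can be sketched as follows. This is an added illustration, not 360-FAAR's code; the rule names, addresses and log entries are constructed, and first-match rule evaluation is an assumption.

```python
import ipaddress
from collections import Counter

def cidr(text):
    """Return (network_int, mask_int) for an IPv4 CIDR string."""
    net = ipaddress.ip_network(text, strict=False)
    return int(net.network_address), int(net.netmask)

def in_cidr(ip_text, net_mask):
    """Binary match: the address ANDed with the mask must equal the network."""
    network, mask = net_mask
    return int(ipaddress.ip_address(ip_text)) & mask == network

# Constructed policy: (name, source CIDR, destination CIDR, protocol, port)
RULES = [
    ("web-in",     "0.0.0.0/0",   "192.0.2.10/32", "tcp", 443),
    ("db-access",  "10.1.0.0/16", "10.2.0.5/32",   "tcp", 5432),
    ("legacy-ftp", "10.0.0.0/8",  "10.2.0.9/32",   "tcp", 21),
]

# Constructed accepted-connection log entries: (src, dst, proto, port)
LOGS = [
    ("198.51.100.7", "192.0.2.10", "tcp", 443),
    ("10.1.4.20",    "10.2.0.5",   "tcp", 5432),
    ("10.1.4.21",    "10.2.0.5",   "tcp", 5432),
    ("203.0.113.9",  "192.0.2.10", "tcp", 443),
]

def audit(rules, logs):
    """Count log hits per rule (first match wins, an assumption), list rules
    with no hits as cleanup candidates, and record the sources actually seen,
    which shows how far a broad source CIDR could be tightened."""
    compiled = [(n, cidr(s), cidr(d), p, port) for n, s, d, p, port in rules]
    hits = Counter()
    seen_sources = {n: set() for n, *_ in rules}
    for src, dst, proto, port in logs:
        for name, s, d, p, rport in compiled:
            if p == proto and rport == port and in_cidr(src, s) and in_cidr(dst, d):
                hits[name] += 1
                seen_sources[name].add(src)
                break
    unused = [n for n, *_ in rules if hits[n] == 0]
    return dict(hits), unused, seen_sources

if __name__ == "__main__":
    print(audit(RULES, LOGS))
```
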

WooterWoot (Build FW-1, Cisco and Netscreen Policy From Logs)

A log analysis tool that outputs its results as new firewall configs.

The WooterWoot project (Build FW-1, Cisco, Netscreen Policy From Logs) is, in comparison to 360-FAAR, a much simpler project. It is designed to quickly and simply build new policies for firewalls in small or test networks based on the connectivity seen in the logs. It can, however, be used in conjunction with 360-FAAR to initially build a new policy, which 360-FAAR can then rationalize using existing groups and rules pulled from existing firewall infrastructure.
