Delyan reports are designed to be defensible at audit time. Every finding is reproducible, every verdict is deterministic, and every recommendation traces back to the Firewall config line produced it.
Report structure
Every Delyan report has five sections, in the same order:
1. Executive Summary
High-level posture overview, hygiene metrics, and the highest-impact findings. Designed for CISOs, auditors, and non-technical stakeholders.
2. Critical Findings
The most-impactful issues surfaced by the deterministic analyzer — overly-permissive rules, exposed management services, weak admin policy, etc. Each finding includes the exact rule, the reasoning, and a recommended fix.
3. Detailed Parsing
Full rule listings, all object definitions, and per-finding technical detail for audit and documentation purposes.
4. Rule Analysis
Detailed output from the analysis tools: shadowed, redundant, permissive, expired and unused rules.
5. Compliance Framework
Pass / Fail per control against the compliance framework. Each control links to the evidence — the exact config line that determined the pass or fail.
Risk severity levels
Delyan assigns one of four severity levels to each finding, following common industry convention:
Immediate action required. Severe risk to CIA. Address in 24 hrs.
High-priority issues that should be addressed within a week.
Moderate risks. Schedule to remediate in maintenance window.
Hygiene opportunities. Clean up as part of normal operations.
Export formats
Delyan exports analysis results in two formats:
Audit-grade, branded, ready for stakeholders and examiners. PII redacted automatically.
Per-finding rows with filters. Useful for analyst triage.