Cloud Imports
netbobr can import native cloud firewall configurations from 6 platforms, extracting flows and analyzing them against all 6 compliance frameworks. Both the browser app (drag-and-drop) and the CLI support cloud format imports with automatic format detection.
Format Comparison
| Format | CLI Flag | Browser | Auto-Detect | Match Rate (CLI) | Match Rate (Browser) |
|---|---|---|---|---|---|
| AWS Security Groups | aws-sg | Yes | Yes | 76.5% | 76.5% |
| Azure NSG | azure-nsg | Yes | Yes | 91.8% | 91.8% |
| GCP Firewall Rules | gcp-fw | Yes | Yes | 74.3% | 74.3% |
| Terraform Plan JSON | tf-plan | Yes | Yes | 94.0% | 94.0% |
| Terraform HCL | -- | Yes (browser only) | Yes | -- | 10.0% |
| Kubernetes NetworkPolicy | k8s-netpol | Yes | Yes | 66.8% | 66.8% |
Match rates are measured against a 400-rule CSV baseline covering wide-open rules, risky ports, container ports, database ports, ICMP, port ranges, protocol variety, CIDR ranges, and edge cases.
How It Works
- Export your firewall configuration from your cloud provider using the provider's CLI or console
- Upload the exported file by dragging it onto the browser import area, or pipe it to the CLI
- Analyze -- netbobr automatically detects the format, extracts individual flows, and evaluates each flow against all 6 compliance frameworks (PCI-DSS, CIS Controls, NIST 800-53, NIS2, DORA, MITRE ATT&CK)
Each parsed flow receives a risk score (0-100), compliance findings, and zone assignments just like manually entered flows.
Browser vs CLI
Both the browser and CLI use automatic format detection -- you do not need to specify the format manually (though the CLI accepts --cloud-format for explicit selection).
| Capability | Browser | CLI |
|---|---|---|
| Formats supported | 6 (including TF HCL) | 5 (no TF HCL) |
| Auto-detection | Yes (auto) | Yes (auto or explicit --cloud-format) |
| Field accuracy | 100% on matched flows | 100% on matched flows |
| Output formats | Interactive table, CSV export, PDF | JSON, CSV, table, SARIF, PDF |
| CI/CD integration | -- | Exit codes, SARIF upload |
The browser includes a Terraform HCL parser that handles basic .tf files. The CLI does not support HCL -- use terraform show -json to convert HCL to plan JSON first.
When flows match between CLI and browser, risk scores, risk levels, and verdicts are identical (100% field accuracy).
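When a pipeline passes --cloud-format explicitly instead of relying on auto-detection, a pre-check on the exported file catches a mislabeled export before analysis. The sketch below is an added example, not netbobr's own detection logic: it assumes JSON exports (for gcloud, --format=json), keys on top-level fields those tools emit, and returns the CLI flag values from the table above. The HCL label is invented for the example.

```python
import json
import re

# The page lists no CLI flag for Terraform HCL (browser only), so this
# label is made up for the example and is not a netbobr value.
HCL_BROWSER_ONLY = "hcl-browser-only"

_K8S_KIND = re.compile(r"^\s*(?:-\s*)?kind:\s*NetworkPolicy\s*$", re.M)
_HCL_BLOCK = re.compile(r'^\s*resource\s+"[\w-]+"\s+"[\w-]+"\s*\{', re.M)


def guess_cloud_format(text):
    """Return a --cloud-format value, HCL_BROWSER_ONLY, or None if unknown."""
    try:
        doc = json.loads(text)
    except ValueError:
        # Not JSON: kubectl -o yaml output or Terraform HCL source.
        if _K8S_KIND.search(text):
            return "k8s-netpol"
        if _HCL_BLOCK.search(text):
            return HCL_BROWSER_ONLY
        return None

    if isinstance(doc, dict):
        if "SecurityGroups" in doc:            # aws ec2 describe-security-groups
            return "aws-sg"
        if "format_version" in doc and (
            "resource_changes" in doc or "planned_values" in doc
        ):                                     # terraform show -json
            return "tf-plan"
        if "securityRules" in doc:             # az network nsg show
            return "azure-nsg"
        return None

    if isinstance(doc, list) and doc and all(isinstance(i, dict) for i in doc):
        first = doc[0]
        if first.get("kind") == "compute#firewall":   # gcloud ... --format=json
            return "gcp-fw"
        if "securityRules" in first:                  # az network nsg list
            return "azure-nsg"
    return None


# Constructed minimal inputs, not real exports.
SAMPLES = {
    "aws.json": '{"SecurityGroups": [{"GroupId": "sg-0example", "IpPermissions": []}]}',
    "netpol.yaml": "apiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n  name: deny-all\n",
    "main.tf": 'resource "aws_security_group" "web" {\n  name = "web"\n}\n',
}
```

A None result means the file matched none of the six shapes and should be inspected before it is analyzed.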
Platform Pages
- AWS Security Groups -- aws ec2 describe-security-groups output
- Azure NSG -- az network nsg show / az network nsg list output
- GCP Firewall Rules -- gcloud compute firewall-rules list output
- Terraform Plan JSON -- terraform show -json output
- Terraform HCL -- .tf files (browser only)
- Kubernetes NetworkPolicy -- kubectl get networkpolicy -o yaml output
See Also
- CSV Import -- bulk-validate up to 500 firewall rules from a CSV file
- GitHub Actions -- integrate cloud format analysis into CI/CD pipelines