How PaSBaT Works

In short: anonymize → upload → analyze → receive audit-ready report.

Overview

  • PaSBaT automates security & compliance audits.
  • The public demo is deliberately “overkill”: it generates and analyzes large, realistic multi-site topologies (including MPLS) and produces both the original and the anonymized reports.
  • In production the process is leaner: Anonymize → Upload → Analyze → Report.

Why the Demo is More Complex than Reality

  • Realistic test data: no large, realistic configuration datasets are freely available, so the demo generates its own networks as proof of scalability.
  • “Worst-case” simulation: if multi-site/MPLS works automatically, smaller environments will certainly work too.
  • Production is leaner: real networks already exist – network generation & orchestration are unnecessary.

Production Workflow (How it works for customers)

1) Local Anonymization

A lightweight tool runs locally on the device configurations.
Result: anonymized .cfg files that contain no sensitive data.

2) Upload

The anonymized files are uploaded into PaSBaT.

3) Analysis

Evaluation against policies/frameworks (e.g. NIS2/ISO): findings, priorities and gap analyses.

4) Report

Audit-ready reports (HTML/PDF) incl. evidence and remediation guidance – optionally multilingual.

No live access, no agents, no vendor lock-in.
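To make step 1 concrete, here is an added example of a local anonymizer for Cisco IOS-style configurations; it is not PaSBaT's own tool (whose internals this page does not describe) and the `ConfigAnonymizer` class and the sample config are my own constructed assumptions. Hostnames and addresses are replaced by consistent pseudonyms (so links between sites survive analysis), subnet and wildcard masks are kept, and credentials, community strings and free-text descriptions are stripped; the mapping tables stay on the customer side.

```python
import ipaddress
import re
# Constructed sample fragment in Cisco IOS syntax; not taken from any real device.
SAMPLE_CFG = """hostname acme-hq-core1
enable secret 5 $1$abcd$XyZ123456789ABCDEFGH
snmp-server community s3cr3tRO RO
interface GigabitEthernet0/1
 description Uplink to acme-hq-core2
 ip address 192.0.2.1 255.255.255.252
ip route 0.0.0.0 0.0.0.0 192.0.2.2
"""
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Lines whose remainder is a credential, community string or free text: the whole remainder is dropped.
SECRET_LINE = re.compile(
    r"^(?P<head>\s*(?:enable (?:secret|password)|username \S+(?: privilege \d+)? (?:secret|password)"
    r"|snmp-server community|tacacs-server key|radius-server key|crypto isakmp key|key-string|description))\b.*$",
    re.IGNORECASE)
def is_mask(addr):
    """Subnet and wildcard masks are contiguous bit runs; they identify nothing and are kept verbatim."""
    n = int(ipaddress.IPv4Address(addr))  # raises AddressValueError for non-addresses such as 999.1.1.1
    return n & (n + 1) == 0 or (n ^ 0xFFFFFFFF) & ((n ^ 0xFFFFFFFF) + 1) == 0

class ConfigAnonymizer:  # one instance per run: mappings are shared across files so inter-site links stay consistent
    def __init__(self):
        self.net_map = {}   # real /24 prefix -> pseudo /24 prefix (stays on the customer side, never uploaded)
        self.host_map = {}  # real hostname -> pseudo hostname

    def pseudo_ip(self, addr):
        try:
            if is_mask(addr):
                return addr
        except ipaddress.AddressValueError:
            return addr  # not a real address (e.g. a version string); leave untouched
        net, host = addr.rsplit(".", 1)
        if net not in self.net_map:  # allocate pseudo /24s sequentially inside 10.0.0.0/8
            idx = len(self.net_map)
            self.net_map[net] = f"10.{(idx >> 8) & 0xFF}.{idx & 0xFF}"
        return f"{self.net_map[net]}.{host}"  # host octet kept so same-subnet relations stay visible

    def anonymize(self, cfg):
        out = []
        for line in cfg.splitlines():
            if m := re.match(r"^hostname\s+(\S+)", line):
                line = "hostname " + self.host_map.setdefault(m.group(1), f"device-{len(self.host_map) + 1}")
            elif m := SECRET_LINE.match(line):
                line = m.group("head") + " <REDACTED>"
            else:  # everything else: swap addresses, keep structure
                line = IPV4.sub(lambda mm: self.pseudo_ip(mm.group(0)), line)
            out.append(line)
        return "\n".join(out) + "\n"
```

Run `ConfigAnonymizer().anonymize(open(path).read())` over every .cfg of one site set with the same instance, and keep `net_map`/`host_map` locally if findings must later be mapped back to real devices.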

Demo Workflow (Public PoC)

  • Frontend (VM 1, static): UI & delivery, no compute access.
  • Orchestrator (VM 2): validates form data, starts the pipeline, the only bridge between frontend & backend.
  • Backend (VM 3, containerized):
    • NetGen generates complete, realistic configurations.
    • Analyzer evaluates against rule sets/frameworks.
    • Report Generator creates the original report.
    • Anonymizer produces GDPR-compliant anonymized artifacts + report.
    • Delivery provides results read-only to the orchestrator.
  • Return: Orchestrator delivers topology, files and reports to the frontend.

Note: The live demo is currently only enabled on request to conserve resources.

Security Principles

  • Strict network separation: three isolated VMs (Frontend / Orchestrator / Backend).
  • Least privilege: frontend without backend access; orchestrator as a clear, limited bridge.
  • UFW/firewall: whitelist rules only, no lateral channels between the VMs.
  • No customer data in the demo: exclusively generated test data.
  • Automation: every report run is reproducible; no manual intervention needed.

What Does the Report Prove?

  • Run metadata: timestamp, run ID, build version.
  • Traceability: evidence per finding, clear mapping to controls (e.g. NIS2 domains, ISO chapters).
  • Remediation path: actionable steps, priorities and, where applicable, reference hardening guidance.

Frequently Asked Questions (short)

Is the demo the same as production?

No. The demo is intentionally more complex (multi-site/MPLS). In production, network generation is omitted – only analysis & report remain.

How is data protected?

In production, only locally anonymized configurations are uploaded; no sensitive plaintext data.

Which vendors are supported?

The PoC currently focuses on Cisco; additional vendors can be added modularly (roadmap driven by demand).

Next Steps