User Manual
Complete reference for all features in Pulse v3.1
Getting Started
Pulse runs locally on your Windows machine. Open your browser and navigate to:
🔍 Log Search
Search and filter firewall logs. Default view shows most recent logs. Filters: Source IP, Destination IP, Action, Date range, Protocol.
⚡ Threat Detection
21 automated rules run every 5 minutes. Threats are ranked Critical, High, Medium, Low. Click any threat to see evidence, block the IP, or open a PSA ticket.
📊 Analytics
30-day traffic timeline, protocol breakdown, top source IPs, and geographic map. Updates automatically. Requires at least 1 day of log data.
❤ Security Health Score
0–100 score with A–F grade. Factors include active threats, drop rate, high-risk IPs, and compliance posture. Refreshes every 2 minutes.
📋 Compliance Reports
One-click PCI DSS v4.0, HIPAA, SOC 2, Audit Evidence ZIP, and Cyber Insurance reports. Professional and Enterprise tiers only.
🎫 PSA Tickets
ConnectWise Manage and Autotask supported. Configure credentials in Settings → PSA / Tickets. Create tickets from any threat row with one click.
🔥 Firewall API
Block IPs directly on SonicWall or FortiGate from the threat dashboard. Configure in Settings → SonicWall API or FortiGate API. Enterprise tier.
⚙ Settings Reference
Syslog, Email Alerts, Users, License, Portal, Auto-Reports, 2FA, PSA, SonicWall API, FortiGate API, White-Label, Webhooks.
⚡ All 21 Detection Rules
| Rule | Severity | What it detects |
|---|---|---|
| Port Scan | High | Rapid connections across multiple ports |
| Brute Force SSH | High | 10+ failed SSH attempts in 60 seconds |
| Brute Force RDP | High | Repeated failed RDP login attempts |
| C2 Beacon | Critical | Regular outbound to known C2 servers |
| Data Exfiltration | High | Unusually large outbound data transfers |
| DNS Tunneling | Medium | Encoded data in DNS queries |
| Cryptomining | Medium | Connections to mining pools (ports 3333, 4444, 5555) |
| Tor Exit Node | Medium | Traffic to/from known Tor exit nodes |
| Geo Block: High Risk | Medium | Traffic from RU, CN, KP, IR, SY |
| DDoS Pattern | Critical | Flood of packets exceeding thresholds |
| Lateral Movement | High | Internal IP scanning other internal IPs |
| AbuseIPDB Match | High | IP with abuse score above 75% |
| Repeated Drops | Medium | IP triggering 50+ drops in one hour |
| SYN Flood | Critical | SYN packets without ACK responses |
| ICMP Flood | Medium | Excessive ICMP ping traffic |
| DNS Amplification | High | Amplification-pattern DNS responses |
| Web Scan | Medium | Rapid HTTP requests across multiple paths |
| FTP Brute Force | Medium | Repeated failed FTP authentication |
| New Admin Protocol | Low | First-time SSH/RDP to an admin IP |
| C2 Beacon | Critical | Traffic matching zero-day signatures |
| Zero-day Pattern | Critical | Known zero-day exploit signatures |
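
Several rules in the table are count-in-window thresholds, for example Brute Force SSH (10+ failed attempts in 60 seconds) and Repeated Drops (50+ drops in one hour). The following is an added example of evaluating such rules with a sliding window per source IP; it is not Pulse's own code, and the log line layout, the `auth_fail` and `drop` action values, the port filter and all function names are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Counts and windows come from the rules table; ports, action names and
# the log layout are assumptions made for this example.
RULES = {
    "Brute Force SSH": {"count": 10, "window": timedelta(seconds=60),
                        "action": "auth_fail", "port": 22},
    "Repeated Drops": {"count": 50, "window": timedelta(hours=1),
                       "action": "drop", "port": None},
}

def parse_line(line):
    """Parse a constructed 'timestamp src dst dport action' log line."""
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action.lower()

def detect(lines, rules=RULES):
    """Return {(rule, src_ip): time the threshold was first reached}."""
    windows = defaultdict(deque)  # (rule, src) -> timestamps still in window
    hits = {}
    for ts, src, _dst, dport, action in sorted(map(parse_line, lines)):
        for name, rule in rules.items():
            if action != rule["action"]:
                continue
            if rule["port"] is not None and dport != rule["port"]:
                continue
            q = windows[(name, src)]
            q.append(ts)
            while ts - q[0] >= rule["window"]:  # evict events older than the window
                q.popleft()
            if len(q) >= rule["count"]:
                hits.setdefault((name, src), ts)
    return hits

def sample_log():
    """Constructed events: fast SSH failures, slow SSH failures, steady drops."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    def line(offset, src, dport, action):
        return f"{(base + timedelta(seconds=offset)).isoformat()} {src} 10.0.0.10 {dport} {action}"
    lines = [line(5 * i, "203.0.113.5", 22, "auth_fail") for i in range(10)]
    lines += [line(10 * i, "192.0.2.9", 22, "auth_fail") for i in range(10)]
    lines += [line(60 * i, "198.51.100.7", 445, "drop") for i in range(50)]
    return lines

if __name__ == "__main__":
    for (rule, src), when in detect(sample_log()).items():
        print(f"{when.isoformat()} {rule} {src}")
```

The source that spreads its 10 failures over 90 seconds never has 10 events inside one 60-second window, so only the faster source is flagged.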