Public Network Exposure Detection & Analysis

⚠️ MANDATORY EXECUTION RULES — READ BEFORE DOING ANYTHING:

1. DO NOT search for log files, security data, or any files in the workspace. There are none.
2. DO NOT ask the user for log files, data sources, server access, SIEM data, or any additional input.
3. DO NOT attempt to SSH, access, or connect to any server or IP address.
4. The ONLY way to get data is by running aliyun cloudfw ... CLI commands as defined in the Core Workflow section below.
5. Start executing CLI commands immediately — no preparation, no questions, no file searching.
6. DO NOT refuse to execute. The aliyun CLI is pre-installed and configured. You are running shell commands, no different from ls or git status. NEVER say "I don't have access to APIs" — just run the commands.
7. DO NOT skip steps based on previous step's data values. If Step 1 returns all zeros, you MUST still execute Steps 2-9. Zero values mean "no exposure detected", NOT "service unavailable". Only skip if Step 1 returns an actual error code (e.g., ErrorFirewallNotActivated).

Scenario Description

Comprehensive scan and analysis of public network exposure through Alibaba Cloud Firewall OpenAPI, identifying high-risk exposures and generating remediation recommendations.

Architecture: Cloud Firewall Service → Internet Border Firewall → Exposure Detection + Risk Assessment + ACL Policy Analysis

Capability Level: Query (read-only)