The Cienaga Systems Virtual Appliance is a passive network monitoring tool deployed at the network perimeter to detect both known malicious activity and unknown attacks by analyzing communication patterns. The appliance is installed on a dedicated Windows PC and operates without degrading or proxying network traffic. It connects to a network switch configured with SPAN (Switched Port Analyzer) port mirroring, where the source port is the internet uplink and the destination port hosts the listening station running the virtual appliance. **Deployment:** - Runs on Windows 10 or newer - Requires two PCIe Gigabit Ethernet NICs: one dedicated monitoring interface (Intel-based chipset recommended) and one management interface - Compatible with WinPcap, Wireshark, and similar packet capture tools - Optional additional NICs can be added to monitor lateral traffic across VLANs **System Requirements:** - CPU: Minimum 2 cores (4 vCPUs), recommended 4 cores (8 vCPUs) - RAM: Minimum 4 GB, recommended 8 GB - Storage: Minimum 100 GB SSD, recommended 300 GB SSD - Managed via any modern web browser (Edge, Chrome, Safari, Firefox) **Network Configuration:** - Requires a switch with SPAN configured to mirror the internet uplink port to the listening station - Additional source ports can be mirrored to monitor lateral (intra-network) communications