<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Getting all Zero Hit Rules from all existing Domains in a MDSM Environment in API / CLI Discussion</title>
    <link>https://community.checkpoint.com/t5/API-CLI-Discussion/Getting-all-Zero-Hit-Rules-from-all-existing-Domains-in-a-MDSM/m-p/191885#M8008</link>
    <description>&lt;P&gt;Hi Folks,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I created a script to get all rules with zero hits from all existing domains and want to share it with you.&lt;/P&gt;&lt;P&gt;Maybe you have ideas for things to add.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;#script by christoph hornung
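#script for getting all 0-hit rules from all existing domains including global domain
#last change at : 2023/07/07
#change reason  : release of the script
#
#Writes Global.txt plus one text file per domain into $FileDir. Each file holds
#a header line followed by the "rule-number" lines of the rules whose hit count
#is 0. Only the layer named "Network" is inspected in each domain.
#The script uses the root login (-r true), so it is meant to run on the MDS itself.
#NOTE(review): session ids are passed as command line arguments and can be seen
#in the process list while a call runs; the reports describe the firewall
#policy, so keep $FileDir readable only by the intended user.
#NOTE(review): a rule with 0 hits is only a candidate for cleanup - confirm
#that hit counting was active for the period you care about before removing it.

#get list of all Domains and variables
FileDir=/home/scpuser/ZeroHits
#NOTE(review): sed strips every "1" from the listing, which would also alter
#domain names that contain a 1 - kept as published, confirm this is intended
domains=(`(ls "$MDSDIR/customers" | sed 's/1//g')`)

#the redirects below fail if the output directory is missing
mkdir -p "$FileDir" || exit 1

#end one API session; empty or "null" ids (failed logins) are ignored
#  $1 = session id
api_logout() {
        case "$1" in
                ""|null) return 0 ;;
        esac
        mgmt_cli --port 4434 logout --session-id "$1" --format json &amp;gt; /dev/null
}

#print the uid of the first layer named "Network" with the given domain-type
#  $1 = session id, $2 = domain-type ("global domain" or "domain")
network_layer_uid() {
        mgmt_cli --port 4434 show access-layers --session-id "$1" --format json | jq -r --arg dtype "$2" '."access-layers"[] | select(.name=="Network" and .domain."domain-type"==$dtype) | .uid' | head -n1
}

#print the rule-number lines of all zero-hit rules of one layer
#  $1 = layer uid, $2 = session id
#The filter looks at every top-level entry and at the entries nested in
#sections, so rules that are not inside a section are reported as well
#(the published filter only descended into sections and dropped the rest).
#NOTE(review): the API reference caps "limit"; a rulebase with more rules than
#that cap needs paging with offset - verify against your API version.
zero_hit_rules() {
        local total
        total=$(mgmt_cli --port 4434 show access-rulebase uid "$1" --session-id "$2" limit 1 --format json | jq '.total')
        mgmt_cli --port 4434 show access-rulebase uid "$1" --session-id "$2" limit "$total" show-hits true --format json | jq '.rulebase[] | (., .rulebase[]?) | select(.hits.value == 0)' | grep -e "rule-number" | sed 's/\"//g' | sed 's/\,//g'
}

echo "Getting 0-Hit Rule Numbers from all Domains ... Please wait..."

#login in to MDS
session=`mgmt_cli --port 4434 -r true login --format json| jq -r '.sid'`
#jq prints "null" when the reply has no sid; stop instead of querying with it
if [ -z "$session" ] || [ "$session" = "null" ]; then
        echo "Login to MDS failed - aborting"
        exit 1
fi
#close the MDS session on every exit path so no root session is left open
trap 'api_logout "$session"' EXIT

#############GLOBAL POLICY ###############
echo "Getting 0-Hits from Gloabl Policy"

#login to global domain and get uid of the global policy layer
globalSession=`mgmt_cli login-to-domain domain Global --port 4434 --session-id "$session" --format json | jq -r '.sid'`
if [ -z "$globalSession" ] || [ "$globalSession" = "null" ]; then
        #record the failure so an empty report is not read as "no unused rules"
        echo "Login to Global failed - skipped" | tee "$FileDir/Global.txt"
else
        globalUID=`network_layer_uid "$globalSession" "global domain"`
        #the header write truncates the file, so no separate clearing step is needed
        echo "0-Hit Counts from the Global Domain" &amp;gt; "$FileDir/Global.txt"
        zero_hit_rules "$globalUID" "$globalSession" &amp;gt;&amp;gt; "$FileDir/Global.txt"
        api_logout "$globalSession"
fi

echo "Done"

#############Domain Layers#################
#loop over the domain array
for dom in "${domains[@]}"
do
        #delete old file entries
        echo "" &amp;gt; "$FileDir/$dom.txt"
        echo "Getting Zero-Hit Rules from $dom"

        #login to domain from array
        domSession=`mgmt_cli --port 4434 --session-id "$session" login-to-domain domain "$dom" --format json | jq -r '.sid'`
        if [ -z "$domSession" ] || [ "$domSession" = "null" ]; then
                #record the failure so an empty report is not read as "no unused rules"
                echo "Login to $dom failed - skipped" | tee -a "$FileDir/$dom.txt"
                continue
        fi

        #get layer id from Network Policy with domain Session
        layerID=`network_layer_uid "$domSession" "domain"`

        echo "0-Hit Counts from $dom" &amp;gt;&amp;gt; "$FileDir/$dom.txt"
        #get 0-hit rules
        zero_hit_rules "$layerID" "$domSession" &amp;gt;&amp;gt; "$FileDir/$dom.txt"

        #each login-to-domain opens its own session; close it before the next domain
        api_logout "$domSession"

        echo "$dom Done"
done

#change ownership of the output files
echo "settting scpuser rights to created files"
chown scpuser:users "$FileDir"/*
echo "Done"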
echo "Files written to $FileDir"&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Thu, 07 Sep 2023 11:28:51 GMT</pubDate>
    <dc:creator>hornung_c</dc:creator>
    <dc:date>2023-09-07T11:28:51Z</dc:date>
    <item>
      <title>Getting all Zero Hit Rules from all existing Domains in a MDSM Environment</title>
      <link>https://community.checkpoint.com/t5/API-CLI-Discussion/Getting-all-Zero-Hit-Rules-from-all-existing-Domains-in-a-MDSM/m-p/191885#M8008</link>
      <description>&lt;P&gt;Hi Folks,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I created a script to get all rules with zero hits from all existing domains and want to share it with you.&lt;/P&gt;&lt;P&gt;Maybe you have ideas for things to add.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;#script by christoph hornung
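#script for getting all 0-hit rules from all existing domains including global domain
#last change at : 2023/07/07
#change reason  : release of the script
#
#Writes Global.txt plus one text file per domain into $FileDir. Each file holds
#a header line followed by the "rule-number" lines of the rules whose hit count
#is 0. Only the layer named "Network" is inspected in each domain.
#The script uses the root login (-r true), so it is meant to run on the MDS itself.
#NOTE(review): session ids are passed as command line arguments and can be seen
#in the process list while a call runs; the reports describe the firewall
#policy, so keep $FileDir readable only by the intended user.
#NOTE(review): a rule with 0 hits is only a candidate for cleanup - confirm
#that hit counting was active for the period you care about before removing it.

#get list of all Domains and variables
FileDir=/home/scpuser/ZeroHits
#NOTE(review): sed strips every "1" from the listing, which would also alter
#domain names that contain a 1 - kept as published, confirm this is intended
domains=(`(ls "$MDSDIR/customers" | sed 's/1//g')`)

#the redirects below fail if the output directory is missing
mkdir -p "$FileDir" || exit 1

#end one API session; empty or "null" ids (failed logins) are ignored
#  $1 = session id
api_logout() {
        case "$1" in
                ""|null) return 0 ;;
        esac
        mgmt_cli --port 4434 logout --session-id "$1" --format json &amp;gt; /dev/null
}

#print the uid of the first layer named "Network" with the given domain-type
#  $1 = session id, $2 = domain-type ("global domain" or "domain")
network_layer_uid() {
        mgmt_cli --port 4434 show access-layers --session-id "$1" --format json | jq -r --arg dtype "$2" '."access-layers"[] | select(.name=="Network" and .domain."domain-type"==$dtype) | .uid' | head -n1
}

#print the rule-number lines of all zero-hit rules of one layer
#  $1 = layer uid, $2 = session id
#The filter looks at every top-level entry and at the entries nested in
#sections, so rules that are not inside a section are reported as well
#(the published filter only descended into sections and dropped the rest).
#NOTE(review): the API reference caps "limit"; a rulebase with more rules than
#that cap needs paging with offset - verify against your API version.
zero_hit_rules() {
        local total
        total=$(mgmt_cli --port 4434 show access-rulebase uid "$1" --session-id "$2" limit 1 --format json | jq '.total')
        mgmt_cli --port 4434 show access-rulebase uid "$1" --session-id "$2" limit "$total" show-hits true --format json | jq '.rulebase[] | (., .rulebase[]?) | select(.hits.value == 0)' | grep -e "rule-number" | sed 's/\"//g' | sed 's/\,//g'
}

echo "Getting 0-Hit Rule Numbers from all Domains ... Please wait..."

#login in to MDS
session=`mgmt_cli --port 4434 -r true login --format json| jq -r '.sid'`
#jq prints "null" when the reply has no sid; stop instead of querying with it
if [ -z "$session" ] || [ "$session" = "null" ]; then
        echo "Login to MDS failed - aborting"
        exit 1
fi
#close the MDS session on every exit path so no root session is left open
trap 'api_logout "$session"' EXIT

#############GLOBAL POLICY ###############
echo "Getting 0-Hits from Gloabl Policy"

#login to global domain and get uid of the global policy layer
globalSession=`mgmt_cli login-to-domain domain Global --port 4434 --session-id "$session" --format json | jq -r '.sid'`
if [ -z "$globalSession" ] || [ "$globalSession" = "null" ]; then
        #record the failure so an empty report is not read as "no unused rules"
        echo "Login to Global failed - skipped" | tee "$FileDir/Global.txt"
else
        globalUID=`network_layer_uid "$globalSession" "global domain"`
        #the header write truncates the file, so no separate clearing step is needed
        echo "0-Hit Counts from the Global Domain" &amp;gt; "$FileDir/Global.txt"
        zero_hit_rules "$globalUID" "$globalSession" &amp;gt;&amp;gt; "$FileDir/Global.txt"
        api_logout "$globalSession"
fi

echo "Done"

#############Domain Layers#################
#loop over the domain array
for dom in "${domains[@]}"
do
        #delete old file entries
        echo "" &amp;gt; "$FileDir/$dom.txt"
        echo "Getting Zero-Hit Rules from $dom"

        #login to domain from array
        domSession=`mgmt_cli --port 4434 --session-id "$session" login-to-domain domain "$dom" --format json | jq -r '.sid'`
        if [ -z "$domSession" ] || [ "$domSession" = "null" ]; then
                #record the failure so an empty report is not read as "no unused rules"
                echo "Login to $dom failed - skipped" | tee -a "$FileDir/$dom.txt"
                continue
        fi

        #get layer id from Network Policy with domain Session
        layerID=`network_layer_uid "$domSession" "domain"`

        echo "0-Hit Counts from $dom" &amp;gt;&amp;gt; "$FileDir/$dom.txt"
        #get 0-hit rules
        zero_hit_rules "$layerID" "$domSession" &amp;gt;&amp;gt; "$FileDir/$dom.txt"

        #each login-to-domain opens its own session; close it before the next domain
        api_logout "$domSession"

        echo "$dom Done"
done

#change ownership of the output files
echo "settting scpuser rights to created files"
chown scpuser:users "$FileDir"/*
echo "Done"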
echo "Files written to $FileDir"&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 07 Sep 2023 11:28:51 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/API-CLI-Discussion/Getting-all-Zero-Hit-Rules-from-all-existing-Domains-in-a-MDSM/m-p/191885#M8008</guid>
      <dc:creator>hornung_c</dc:creator>
      <dc:date>2023-09-07T11:28:51Z</dc:date>
    </item>
  </channel>
</rss>

