yongjun_jin
Participant

How do I get rule hits detail (first-date) by using the web service?

Hello. I develop a firewall application using the Management API Reference.

In the web service, show-access-rule gives us a hits object that includes first-date, last-date, level, percentage, value.

(Check Point - Management API reference)

But I only received a hits object that includes percentage, value.

    "hits" : {
        "percentage" : "0%",
        "value" : 0
    },

Can I get a more detailed hits object?

I want to get last-date.

I already set the arguments as below:

show-hits = true

details-level = full

7 Replies
PhoneBoy
Admin

Moving this to Developers (Code Hub)

What was the full API call you made?

Mike_A
Advisor

If I am reading this correctly, you want to know the last date that the specific rule was hit? 

I just ran the command below from the SmartConsole CLI; within the output I was able to see that, for this specific rule, there is a "last-date". Is this what you were looking for? Or did you want to return only the output of the "last-date" value?

show access-rule layer "POLICY_NAME" name "RULE_NAME" details-level full show-hits true

hits:
  percentage: "0%"
  level: "low"
  value: 11005459
  first-date:
    posix: 1532439516000
    iso-8601: "2018-07-24T09:38-0400"
  last-date:
    posix: 1541555809000
    iso-8601: "2018-11-06T20:56-0500"

yongjun_jin
Participant

Thanks for your comment.

0 Kudos
Joshua_Hatter
Employee

If the rule hit value is zero like in your example, how could there ever be a first hit or last hit? Think about it.

Otherwise you're using the appropriate command.

yongjun_jin
Participant

Thanks for your reply.

But I think that the API response has to include date information even if the hit value is zero.

It depends on the API developer.

Deleting date information gives us a simple view.

But it needs more code for JSON parsing.

Also, it is different from the SmartConsole CLI response.

0 Kudos
Mike_A
Advisor

As Joshua said, if there were no hits, how would there ever be a value in that field?

I think what you would then need is a "creation-time". I believe the rule creation-time is at the top of the details under meta-info. If hit value = 0, then query the rule creation time; if it is older than, say, 90 days, with no hit, then disable, or whatever you want to do with it.

0 Kudos
Joshua_Hatter
Employee

It would require the same amount of code. As of now, you can just check if there are any hits. If we included the last-date as a null value, you would have to check if it was null.

It's cleaner this way with no date on 0 hit in my opinion.
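
An added example, not code from any poster in this thread or from Check Point: one way a client could handle a show-access-rule reply whose hits object has no first-date/last-date, falling back to the rule creation time as suggested above. It assumes meta-info carries creation-time with the same posix (milliseconds) field as the hit dates; the function names and status labels are hypothetical.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # the "say 90 days" threshold from the thread

# Constructed sample responses, reusing values posted in this thread.
# The meta-info/creation-time shape is an assumption.
RULE_WITH_HITS = {
    "hits": {"percentage": "0%", "level": "low", "value": 11005459,
             "first-date": {"posix": 1532439516000},
             "last-date": {"posix": 1541555809000}},
    "meta-info": {"creation-time": {"posix": 1532439516000}},
}
RULE_ZERO_HITS = {
    "hits": {"percentage": "0%", "value": 0},  # no first-date / last-date
    "meta-info": {"creation-time": {"posix": 1532439516000}},
}


def from_posix_ms(date_obj):
    """Convert a {"posix": <milliseconds>} object to an aware UTC datetime."""
    return datetime.fromtimestamp(date_obj["posix"] / 1000, tz=timezone.utc)


def rule_activity(rule, now):
    """Return (status, reference_time) for one parsed show-access-rule reply."""
    hits = rule.get("hits")
    if hits is None:                      # show-hits was not requested
        return ("unknown", None)
    if hits.get("value", 0) > 0:
        if "last-date" not in hits:       # unexpected; do not guess
            return ("unknown", None)
        last = from_posix_ms(hits["last-date"])
        return ("stale" if now - last > STALE_AFTER else "active", last)
    # Zero hits: the dates are omitted, so fall back to the creation time.
    created = rule.get("meta-info", {}).get("creation-time")
    if created is None:
        return ("unknown", None)
    created_at = from_posix_ms(created)
    status = "unused-old" if now - created_at > STALE_AFTER else "unused-new"
    return (status, created_at)


if __name__ == "__main__":
    now = datetime(2018, 11, 10, tzinfo=timezone.utc)  # fixed for repeatability
    for label, rule in (("hits", RULE_WITH_HITS), ("zero", RULE_ZERO_HITS)):
        print(label, rule_activity(rule, now))
```

A rule that comes back "unused-old" or "stale" is a candidate for review before it is disabled; "unknown" means the reply lacked the data to decide.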
