hornung_c
Explorer

Getting all Zero Hit Rules from all existing Domains in an MDSM Environment

Hi Folks,

 

I created a script to get all rules with zero hits from all existing domains and want to share it with you.

You may have some ideas for something to add.

 

 

#!/bin/bash
#script by christoph hornung
#script for getting all 0-hit rules from all existing domains including global domain
#last change at : 2023/07/07
#change reason  : release of the script

#get list of all Domains and variables
FileDir=/home/scpuser/ZeroHits
#note: the sed strips every "1" character from the directory names
domains=($(ls "$MDSDIR/customers" | sed 's/1//g'))
domCount=${#domains[@]}


echo "Getting 0-Hit Rule Numbers from all Domains ... Please wait..."

#login in to MDS
session=`mgmt_cli --port 4434 -r true login --format json| jq -r '.sid'`

#create the output directory if needed and clear or create an empty file
mkdir -p "$FileDir"
echo "" > "$FileDir/Global.txt"

#############GLOBAL POLICY ###############
echo "Getting 0-Hits from Global Policy"

#login to global domain and get number of rules and uid of the global policy layer
globalSession=$(mgmt_cli login-to-domain domain Global --port 4434 --session-id "$session" --format json | jq -r '.sid')
#jq -r prints the bare uid of the first matching layer, so no quotes or commas need to be stripped
globalUID=$(mgmt_cli --port 4434 show access-layers --session-id "$globalSession" --format json | jq -r '."access-layers"[] | select(.name=="Network" and .domain."domain-type"=="global domain") | .uid' | head -n1)
globalLimit=$(mgmt_cli --port 4434 show access-rulebase uid "$globalUID" --session-id "$globalSession" limit 1 --format json | jq '.total')
echo "0-Hit Counts from the Global Domain" > "$FileDir/Global.txt"
#(.rulebase[]? // .) yields the rules inside a section, or the rule itself when it is not in a section
mgmt_cli --port 4434 show access-rulebase uid "$globalUID" --session-id "$globalSession" limit "$globalLimit" show-hits true --format json | jq '.rulebase[] | (.rulebase[]? // .) | select(.type == "access-rule" and .hits.value == 0)' | grep -e "rule-number" | sed 's/\"//g' | sed 's/\,//g' >> "$FileDir/Global.txt"
#close the global domain session
mgmt_cli logout --port 4434 --session-id "$globalSession" --format json > /dev/null

echo "Done"

#############Domain Layers#################
#loop over the domain array
for ((n=0; n<$domCount; n++))
do
        #delete old file entries
        echo "" > "$FileDir/${domains[n]}.txt"
        echo "Getting Zero-Hit Rules from ${domains[n]}"

        #login to domain from array
        domSession=$(mgmt_cli --port 4434 --session-id "$session" login-to-domain domain "${domains[n]}" --format json | jq -r '.sid')

        #get layer id from Network Policy with domain Session (jq -r prints the bare uid)
        layerID=$(mgmt_cli --port 4434 show access-layers --session-id "$domSession" --format json | jq -r '."access-layers"[] | select(.name=="Network" and .domain."domain-type"=="domain") | .uid' | head -n1)

        #get number of all rules
        limits=$(mgmt_cli --port 4434 show access-rulebase uid "$layerID" --session-id "$domSession" limit 1 --format json | jq '.total')

        echo "0-Hit Counts from ${domains[n]}" >> "$FileDir/${domains[n]}.txt"
        #get 0-hit rules: (.rulebase[]? // .) yields the rules inside a section, or the rule itself when it is not in a section
        mgmt_cli --port 4434 show access-rulebase uid "$layerID" --session-id "$domSession" limit "$limits" show-hits true --format json | jq '.rulebase[] | (.rulebase[]? // .) | select(.type == "access-rule" and .hits.value == 0)' | grep -e "rule-number" | sed 's/\"//g' | sed 's/\,//g' >> "$FileDir/${domains[n]}.txt"

        #close the domain session
        mgmt_cli logout --port 4434 --session-id "$domSession" --format json > /dev/null

        echo "${domains[n]} Done"
done

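#close the MDS session opened at the start
mgmt_cli logout --port 4434 --session-id "$session" --format json > /dev/null

#change ownership of the output files
echo "setting scpuser rights to created files"
chown scpuser:users "$FileDir"/*
echo "Done"
echo "Files written to $FileDir"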

 

 

 

0 Kudos
0 Replies
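An offline check of the zero-hit filter, added here as an example and not part of the original post: it walks saved `show access-rulebase ... show-hits true --format json` output, covers rules both inside sections and outside any section, merges several pages, and reports whether each rule is enabled, which goes beyond what the script prints. The field names (`type`, `rule-number`, `hits.value`, `enabled`) are assumed from the shape of that JSON output, and the sample pages are constructed.

```python
import json
import sys

# Constructed sample, shaped like two pages of
# `mgmt_cli show access-rulebase ... show-hits true --format json` output.
SAMPLE_PAGES = [
    {"from": 1, "to": 2, "total": 4, "rulebase": [
        {"type": "access-rule", "rule-number": 1, "name": "Legacy FTP",
         "enabled": True, "hits": {"value": 0}},
        {"type": "access-section", "name": "Web", "rulebase": [
            {"type": "access-rule", "rule-number": 2, "name": "HTTPS in",
             "enabled": True, "hits": {"value": 120}}]}]},
    {"from": 3, "to": 4, "total": 4, "rulebase": [
        {"type": "access-section", "name": "Web", "rulebase": [
            {"type": "access-rule", "rule-number": 3, "name": "Old proxy",
             "enabled": False, "hits": {"value": 0}},
            {"type": "access-rule", "rule-number": 4, "name": "No counter"}]}]},
]


def iter_rules(rulebase):
    """Yield (section, rule) for rules inside sections and outside any section."""
    for item in rulebase:
        if item.get("type") == "access-section":
            for rule in item.get("rulebase", []):
                yield item.get("name", ""), rule
        elif item.get("type") == "access-rule":
            yield "", item


def zero_hit_rules(pages):
    """Return zero-hit rules from all pages, sorted by rule number."""
    found = []
    for page in pages:
        for section, rule in iter_rules(page.get("rulebase", [])):
            # A rule without hit data is skipped, not reported as unused.
            if rule.get("hits", {}).get("value") == 0:
                found.append({"rule-number": rule["rule-number"],
                              "name": rule.get("name", ""),
                              "section": section,
                              "enabled": rule.get("enabled", True)})
    return sorted(found, key=lambda r: r["rule-number"])


if __name__ == "__main__":
    # Pass saved JSON files as arguments, or run without any to use the sample.
    pages = [json.load(open(p)) for p in sys.argv[1:]] or SAMPLE_PAGES
    for r in zero_hit_rules(pages):
        state = "enabled" if r["enabled"] else "disabled"
        print(f'{r["rule-number"]}\t{state}\t{r["section"]}\t{r["name"]}')
```

A disabled rule always shows zero hits, so the `enabled` column separates rules that are switched off from rules that are active but never matched.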
