Hi Folks,
I created a script to get all rules with zero hits from all existing domains and want to share it with you.
If you have any ideas for additions, feel free to share them.
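#!/usr/bin/env bash
#script by christoph hornung
#script for getting all 0-hit rules from all existing domains including global domain
#last change at : 2023/07/07
#change reason : release of the script
#
# Usage: run on the MDS as an admin with $MDSDIR set (the MDS environment
# exports it). For the global domain and for every entry under
# $MDSDIR/customers the script writes <domain>.txt into $FileDir, listing the
# rule numbers of the "Network" access layer whose hit counter is 0.
set -euo pipefail

readonly FileDir=/home/scpuser/ZeroHits
readonly MGMT_PORT=4434

session=   # MDS root session id; set by main(), released by cleanup()

#######################################
# Print a message to stderr and exit 1.
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Run mgmt_cli against the MDS API port; every API call goes through here.
# Arguments: mgmt_cli command and options
#######################################
mcli() {
  mgmt_cli --port "${MGMT_PORT}" "$@"
}

#######################################
# Close the MDS session so it does not linger until the server-side timeout.
# Domain sessions obtained via login-to-domain are left to expire, as in the
# original script.
# Globals: session (read)
#######################################
cleanup() {
  if [[ -n "$session" ]]; then
    mcli logout --session-id "$session" >/dev/null 2>&1 || true
  fi
}

#######################################
# Extract the session id from a login / login-to-domain JSON reply on stdin.
# Outputs: the sid, or nothing if the reply has none
#######################################
read_sid() {
  jq -r '.sid // empty'
}

#######################################
# Print the uid of the first access layer named "Network" whose domain-type
# equals $2, or nothing if there is none (no grep/sed on pretty-printed JSON,
# so the uid comes out without surrounding quotes).
# Arguments: $1 session id, $2 domain-type ("global domain" or "domain")
#######################################
network_layer_uid() {
  local sid=$1 dom_type=$2
  mcli show access-layers --session-id "$sid" --format json \
    | jq -r --arg t "$dom_type" \
        '[."access-layers"[] | select(.name == "Network" and .domain."domain-type" == $t)][0].uid // empty'
}

#######################################
# Append the numbers of all rules in layer $2 whose hit counter is 0 to $3.
# Rules placed directly in the layer and rules inside sections are both
# covered; the original `.rulebase[].rulebase[]?` only looked inside sections.
# Arguments: $1 session id, $2 layer uid, $3 output file
# Outputs: lines "  rule-number: N" appended to $3
# Returns: non-zero if the rulebase query fails
#######################################
write_zero_hit_rules() {
  local sid=$1 uid=$2 out=$3
  local total
  # First call only asks for the rule count; the second one fetches every
  # rule together with its hit counter.
  total=$(mcli show access-rulebase uid "$uid" --session-id "$sid" limit 1 --format json | jq '.total')
  if ! [[ "$total" =~ ^[0-9]+$ ]] || (( total == 0 )); then
    printf 'warn: no rules reported for layer %s (total=%s)\n' "$uid" "$total" >&2
    return 0
  fi
  # NOTE(review): the API caps how many rules one call may return; a layer
  # larger than that cap would need paging (unchanged from the original).
  mcli show access-rulebase uid "$uid" --session-id "$sid" limit "$total" show-hits true --format json \
    | jq -r '.rulebase[] | ., .rulebase[]? | select(.hits.value == 0)
             | "  rule-number: \(."rule-number")"' \
    >> "$out"
}

main() {
  : "${MDSDIR:?MDSDIR must be set (source the MDS environment first)}"
  local global_session global_uid dir name dom out dom_session layer_uid

  mkdir -p -- "${FileDir}"
  echo "Getting 0-Hit Rule Numbers from all Domains ... Please wait..."

  trap cleanup EXIT
  # Local root login to the MDS (-r true). The sid is handed to every later
  # call on the command line, so it is visible to other local users via `ps`
  # while a call runs, exactly as in the original script.
  session=$(mcli -r true login --format json | read_sid) || die "login to MDS failed"
  [[ -n "$session" ]] || die "login to MDS returned no session id"

  #############GLOBAL POLICY ###############
  echo "Getting 0-Hits from Global Policy"
  global_session=$(mcli login-to-domain domain Global --session-id "$session" --format json | read_sid) \
    || die "login-to-domain Global failed"
  [[ -n "$global_session" ]] || die "login-to-domain Global returned no session id"
  global_uid=$(network_layer_uid "$global_session" "global domain") || global_uid=
  [[ -n "$global_uid" ]] || die "no global access layer named Network found"
  out="${FileDir}/Global.txt"
  echo "0-Hit Counts from the Global Domain" > "$out"
  write_zero_hit_rules "$global_session" "$global_uid" "$out"
  echo "Done"

  #############Domain Layers#################
  # Every entry under $MDSDIR/customers is treated as a domain (a glob
  # replaces the original `ls | sed` parsing).
  for dir in "${MDSDIR}/customers"/*; do
    [[ -e "$dir" ]] || continue   # directory empty: the literal glob remains
    name=${dir##*/}
    # NOTE(review): the original stripped every "1" from the entry name
    # (sed 's/1//g'); kept so login names and file names stay identical, but
    # a domain called e.g. "Site1" would become "Site" -- confirm it is intended.
    dom=${name//1/}
    out="${FileDir}/${dom}.txt"
    # Truncate the old file first so stale entries never survive a failed run.
    echo "0-Hit Counts from ${dom}" > "$out"
    echo "Getting Zero-Hit Rules from ${dom}"
    dom_session=$(mcli --session-id "$session" login-to-domain domain "$dom" --format json | read_sid) \
      || dom_session=
    if [[ -z "$dom_session" ]]; then
      printf 'warn: login-to-domain %s failed, skipping\n' "$dom" >&2
      continue
    fi
    layer_uid=$(network_layer_uid "$dom_session" "domain") || layer_uid=
    if [[ -z "$layer_uid" ]]; then
      printf 'warn: no access layer named Network in %s, skipping\n' "$dom" >&2
      continue
    fi
    write_zero_hit_rules "$dom_session" "$layer_uid" "$out" \
      || printf 'warn: could not read the rulebase of %s\n' "$dom" >&2
    echo "${dom} Done"
  done

  #change ownership of the output files
  echo "setting scpuser rights to created files"
  chown scpuser:users "${FileDir}"/* \
    || printf 'warn: chown of %s failed (run as root?)\n' "${FileDir}" >&2
  echo "Done"
  echo "Files written to ${FileDir}"
}

main "$@"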