Solved: Retrieving Rule Hit Count and Unused Rules Informa...

Veeraselvam_man · ‎2023-09-05

Hello everyone,

I'm working with a Checkpoint Gateway/Management server and I'm interested in retrieving specific information about rule hits and unused rules. I would appreciate your guidance on how to achieve this through the API, including any relevant commands and limitations.

1. **Rule Hit Count Details:**
- Is there a way to obtain detailed information on rule hit counts?
- Can I retrieve rule hit counts for various time frames such as the last 24 hours, 7 days, 30 days, 60 days, or a custom range?
- Please provide the appropriate API commands for retrieving this information.
- Are there any limitations or considerations I should be aware of when using these commands?

2. **Unused Rules List:**
- Is there a method to identify and obtain a list of unused rules in the firewall configuration?
- Similar to rule hit counts, can I obtain information about unused rules for specific time frames (e.g., last 24 hours, 7 days, 30 days, 60 days, or custom)?
- Please share the relevant API commands for accomplishing this task.
- Are there any constraints or important details to keep in mind when working with these commands?

I'm eager to enhance my understanding of these functionalities, and your expertise would be invaluable. Thank you in advance for your assistance!

Best regards,
M.Veeraselvam

Daniel_Kuhl1 · ‎2025-01-10

There is an example in the Check Point - Management API reference.

POST {{server}}/show-access-rulebase
Content-Type: application/json
X-chkp-sid: {{session}}

{
  "offset" : 0,
  "limit" : 20,
  "name" : "Network",
  "details-level" : "standard",
  "use-object-dictionary" : true,
  "show-hits" : true,
  "hits-settings" : {
    "from-date" : "2014-01-01",
    "to-date" : "2014-12-31T23:59",
    "target" : "corporate-gw"
  }
}

View solution in original post

Youssef_Obeidal · ‎2023-09-05

Hi

show access-rulebase MGMT API can all hitcount details
See Check Point - Management API reference
In addition - there is a tool in Check Point github that clears/disables unusaed rules- GitHub - CheckPointSW/PolicyCleanUp: Check Point PolicyCleanUp tool allows automatic cleanup of your...

Noli_Pineda · ‎2025-01-09

Can this be done using REST API calls?

Daniel_Kuhl1 · ‎2025-01-10

There is an example in the Check Point - Management API reference.

POST {{server}}/show-access-rulebase
Content-Type: application/json
X-chkp-sid: {{session}}

{
  "offset" : 0,
  "limit" : 20,
  "name" : "Network",
  "details-level" : "standard",
  "use-object-dictionary" : true,
  "show-hits" : true,
  "hits-settings" : {
    "from-date" : "2014-01-01",
    "to-date" : "2014-12-31T23:59",
    "target" : "corporate-gw"
  }
}

Daniel_Kuhl1 · ‎2025-01-10

Here is some sample output:

<output removed>
hits:
percentage: "3%"
level: "low"
value: 53680
first-date:
posix: 1735832392000
iso-8601: "2025-01-02T16:39+0100"
last-date:
posix: 1736500492000
iso-8601: "2025-01-10T10:14+0100"
</output removed>

Are you a member of CheckMates?

Retrieving Rule Hit Count and Unused Rules Information via API