- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Hi
I am trying to export the rules with zero hit count for past three months using API to do a rule base clean up.
Is there a way to filter only the rules with zero counts to be exported using show access-rulebase command
My commnad as follows
mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX"
Thanks & Regards
Arun
Hi Arun,
You may try this.
mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX" --format json -u XXX -p XXX |jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv' > Unusedrules.csv
HTH,
Kannan
The API team has actually recently released a script to accomplish something very similar. It might work directly for you or maybe you can draw inspiration from it.
Hi Joshua
That looks to be an awesome tool and could save us a lot of time 🙂 One bit of enhancement that I think would be great is to include an option where you can exclude rules that were created or modified within X period of time as well. That would save not taking action on a lot of recently added rules.
Is this still the case? Do we need to install pip, setuptools, etc?
Hi Arun,
You may try this.
mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX" --format json -u XXX -p XXX |jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv' > Unusedrules.csv
HTH,
Kannan
Hi,
i am new to this so wanted your help
what does XXX mean? where should i mention the server name?
can you please guide me
thanks,
Sudhir Mirajkar
mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX" --format json -u XXX -p XXX |jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv' > Unusedrules.csv
Hi I have tried this I am able to get the output for "mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX" --format json -u XXX -p XXX "
but after enter to jq I am unable to get the output
I am getting the below output
" mgmt show access-rulebase name "xxxx" details-level "xxxx" show-hits true hits-settings.from-date "2020-01-01" hits-settings.to-date "2020-04-03" hits-settings.target "xxxx" --format json -u ."json" -p ."json"|jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv'
MGMT9000 Invalid value [.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv] of parameter [ $▒▒▒X▒▒▒x▒- x▒- y▒- x▒- ▒- x▒- ▒▒▒, $▒▒▒X▒▒▒x▒- x▒- y▒- x▒- (▒- x▒- ▒▒▒]
Checkpoint>"
Can some one help me to get rid of this problem
Thanks,
Venu.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY