This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Arun66
Explorer
‎2019-02-07 12:42 AM
Jump to solution

Rule base export with zero hit count

Hi 

I am trying to export the rules with zero hit count for past three months using API to do a rule base clean up.

Is there a way to filter only the rules with zero counts to be exported using show access-rulebase command

My commnad as follows 

mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX"

Thanks & Regards

Arun

Labels
0 Kudos
1 Solution

Accepted Solutions
Kannan_R
Participant
‎2019-02-09 08:39 PM
Jump to solution

Hi Arun,

  You may try this.

mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX"  --format json -u XXX -p XXX |jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv' > Unusedrules.csv

HTH,

Kannan

View solution in original post

8 Replies
Joshua_Hatter
Employee
Employee
‎2019-02-08 04:59 AM
Jump to solution

The API team has actually recently released a script to accomplish something very similar. It might work directly for you or maybe you can draw inspiration from it.

GitHub - CheckPointSW/PolicyCleanUp 

cem82
Contributor
‎2020-04-16 03:26 PM
In response to Joshua_Hatter
Jump to solution

Hi Joshua

 

That looks to be an awesome tool and could save us a lot of time 🙂   One bit of enhancement that I think would be great is to include an option where you can exclude rules that were created or modified within X period of time as well.  That would save not taking action on a lot of recently added rules.

0 Kudos
Hugo_Zhao
Employee
Employee
‎2020-04-25 11:54 PM
In response to Joshua_Hatter
Jump to solution

Hi Joshua,

I just downloaded the package , but seems the script can not run in SMC , it requires dependancy to install pip , setuptools and so on.

May I know how we move forward this ?

0 Kudos
Casey_Mullarkey
Explorer
‎2020-10-08 08:37 AM
In response to Hugo_Zhao
Jump to solution

Is this still the case?  Do we need to install pip, setuptools, etc?

0 Kudos
Kannan_R
Participant
‎2019-02-09 08:39 PM
Jump to solution

Hi Arun,

  You may try this.

mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX"  --format json -u XXX -p XXX |jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv' > Unusedrules.csv

HTH,

Kannan

sudhir_mirajkar
Participant
‎2019-11-04 07:41 AM
In response to Kannan_R
Jump to solution

Hi,

i am new to this so wanted your help 

what does XXX mean? where should i mention the server name?

can you please guide me

 

thanks,

Sudhir Mirajkar

0 Kudos
James_ONeill1
Explorer
‎2020-04-18 02:16 PM
In response to sudhir_mirajkar
Jump to solution

Hi Sudhir, All the information you seek can be found in the Management API Reference Guide 😉
0 Kudos
venudevannagari
Explorer
‎2020-04-05 11:28 PM
In response to Kannan_R
Jump to solution

mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX" --format json -u XXX -p XXX |jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv' > Unusedrules.csv

 

Hi I have tried this I am able to get the output for "mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX" --format json -u XXX -p XXX "

 

but after enter to jq I am unable to get the output

I am getting the below output

" mgmt show access-rulebase name "xxxx" details-level "xxxx" show-hits true hits-settings.from-date "2020-01-01" hits-settings.to-date "2020-04-03" hits-settings.target "xxxx" --format json -u ."json" -p ."json"|jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv'


MGMT9000 Invalid value [.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv] of parameter [ $▒▒▒X▒▒▒x▒- x▒- y▒- x▒- ▒- x▒- ▒▒▒, $▒▒▒X▒▒▒x▒- x▒- y▒- x▒- (▒- x▒- ▒▒▒]
Checkpoint>"

Can some one help me to get rid of this problem

 

Thanks,

Venu.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events