- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi
I am trying to export the rules with zero hit count for past three months using API to do a rule base clean up.
Is there a way to filter only the rules with zero counts to be exported using show access-rulebase command
My commnad as follows
mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX"
Thanks & Regards
Arun
Hi Arun,
You may try this.
mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX" --format json -u XXX -p XXX |jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv' > Unusedrules.csv
HTH,
Kannan
The API team has actually recently released a script to accomplish something very similar. It might work directly for you or maybe you can draw inspiration from it.
Hi Joshua
That looks to be an awesome tool and could save us a lot of time 🙂 One bit of enhancement that I think would be great is to include an option where you can exclude rules that were created or modified within X period of time as well. That would save not taking action on a lot of recently added rules.
Is this still the case? Do we need to install pip, setuptools, etc?
Hi Arun,
You may try this.
mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX" --format json -u XXX -p XXX |jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv' > Unusedrules.csv
HTH,
Kannan
Hi,
i am new to this so wanted your help
what does XXX mean? where should i mention the server name?
can you please guide me
thanks,
Sudhir Mirajkar
mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX" --format json -u XXX -p XXX |jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv' > Unusedrules.csv
Hi I have tried this I am able to get the output for "mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX" --format json -u XXX -p XXX "
but after enter to jq I am unable to get the output
I am getting the below output
" mgmt show access-rulebase name "xxxx" details-level "xxxx" show-hits true hits-settings.from-date "2020-01-01" hits-settings.to-date "2020-04-03" hits-settings.target "xxxx" --format json -u ."json" -p ."json"|jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv'
MGMT9000 Invalid value [.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv] of parameter [ $▒▒▒X▒▒▒x▒- x▒- y▒- x▒- ▒- x▒- ▒▒▒, $▒▒▒X▒▒▒x▒- x▒- y▒- x▒- (▒- x▒- ▒▒▒]
Checkpoint>"
Can some one help me to get rid of this problem
Thanks,
Venu.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY