Arun66
Explorer

Rule base export with zero hit count

Hi 

I am trying to export the rules with zero hit count for the past three months using the API to do a rule base clean up.

Is there a way to filter only the rules with zero counts to be exported using the show access-rulebase command?

My command is as follows:

mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX"

Thanks & Regards

Arun

0 Kudos
1 Solution

Accepted Solutions
Kannan_R
Participant

Hi Arun,

  You may try this.

mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX"  --format json -u XXX -p XXX |jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv' > Unusedrules.csv

HTH,

Kannan

View solution in original post
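
An added example, not part of the original posts or of Check Point's PolicyCleanUp script: a Python stand-in for the jq filter above that also picks up rules not placed under a section title (where `.rulebase[].rulebase[]` has no nested array to iterate) and flags a reply that covers only part of the rulebase, as happens with `limit 20`. The sample JSON is constructed, and the field layout (`type`, `from`/`to`/`total`) is assumed from the Management API's `show access-rulebase` reply.

```python
import csv
import io
import json
import sys

# Constructed sample in the shape of `show access-rulebase` JSON output (layout assumed).
SAMPLE = json.dumps({
    "from": 1, "to": 3, "total": 3,
    "rulebase": [
        {"type": "access-rule", "rule-number": 1, "name": "Mgmt access",
         "comments": "", "enabled": True, "hits": {"value": 0}},
        {"type": "access-section", "name": "Servers", "rulebase": [
            {"type": "access-rule", "rule-number": 2, "name": "Web in",
             "comments": "ticket 123", "enabled": True, "hits": {"value": 418}},
            {"type": "access-rule", "rule-number": 3, "name": "Old FTP",
             "comments": "", "enabled": False, "hits": {"value": 0}},
        ]},
    ],
})
FIELDS = ("rule-number", "name", "comments", "enabled")  # same columns as the jq filter

def iter_rules(entries):
    """Yield access rules whether they sit at the top level or inside sections."""
    for entry in entries:
        if entry.get("type") == "access-section":
            yield from iter_rules(entry.get("rulebase", []))
        elif entry.get("type") == "access-rule":
            yield entry

def zero_hit_rules(reply):
    """Return rules whose hit count is exactly 0; rules without hit data are skipped."""
    return [r for r in iter_rules(reply.get("rulebase", []))
            if r.get("hits", {}).get("value") == 0]

def is_truncated(reply):
    """True when more rules remain after this page (limit smaller than the rulebase)."""
    return reply.get("to", 0) < reply.get("total", 0)

def to_csv(rules):
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerows([r.get(k, "") for k in FIELDS] for r in rules)
    return out.getvalue()

if __name__ == "__main__":
    reply = json.loads(SAMPLE if sys.stdin.isatty() else sys.stdin.read())
    if is_truncated(reply):
        print("warning: partial page, raise limit or advance offset", file=sys.stderr)
    sys.stdout.write(to_csv(zero_hit_rules(reply)))
```

Pipe the `mgmt_cli ... --format json` output into the script on stdin in place of the jq stage; run with no piped input, it processes the constructed sample.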

8 Replies
Joshua_Hatter
Employee

The API team has actually recently released a script to accomplish something very similar. It might work directly for you or maybe you can draw inspiration from it.

GitHub - CheckPointSW/PolicyCleanUp 

cem82
Contributor

Hi Joshua

 

That looks to be an awesome tool and could save us a lot of time 🙂   One bit of enhancement that I think would be great is to include an option where you can exclude rules that were created or modified within X period of time as well.  That would save not taking action on a lot of recently added rules.

0 Kudos
Hugo_Zhao
Employee
Hi Joshua,

I just downloaded the package, but it seems the script cannot run in SMC; it requires dependencies to be installed: pip, setuptools and so on.

May I know how we move forward with this?

0 Kudos
Casey_Mullarkey
Explorer

Is this still the case?  Do we need to install pip, setuptools, etc?

0 Kudos
sudhir_mirajkar
Participant

Hi,

I am new to this, so I wanted your help.

What does XXX mean? Where should I mention the server name?

Can you please guide me?

 

thanks,

Sudhir Mirajkar

0 Kudos
James_ONeill1
Explorer
Hi Sudhir, All the information you seek can be found in the Management API Reference Guide 😉
0 Kudos
venudevannagari
Explorer

mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX" --format json -u XXX -p XXX |jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv' > Unusedrules.csv

 

Hi, I have tried this. I am able to get the output for "mgmt_cli show access-rulebase offset 0 limit 20 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2019-01-01" hits-settings.to-date "2019-01-30" hits-settings.target "XXX" --format json -u XXX -p XXX "

 

but after entering jq I am unable to get the output.

I am getting the below output

" mgmt show access-rulebase name "xxxx" details-level "xxxx" show-hits true hits-settings.from-date "2020-01-01" hits-settings.to-date "2020-04-03" hits-settings.target "xxxx" --format json -u ."json" -p ."json"|jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv'


MGMT9000 Invalid value [.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled" ]|@csv] of parameter [ $▒▒▒X▒▒▒x▒- x▒- y▒- x▒- ▒- x▒- ▒▒▒, $▒▒▒X▒▒▒x▒- x▒- y▒- x▒- (▒- x▒- ▒▒▒]
Checkpoint>"

Can someone help me get rid of this problem?

 

Thanks,

Venu.

0 Kudos
